CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-30242
CRITICAL
Netentsec Application Security Gateway - SQL Injection
CVSS 9.8
CVE-2023-30203
CRITICAL
Judging Management System 1.0 - SQL Injection via event_id Parameter
CVSS 9.8
CVE-2023-2519
HIGH
Caton CTP Relay Server 1.2.9 - SQL Injection via Login API Username/Password Parameter
CVSS 7.3
CVE-2023-23470
MEDIUM
IBM i 7.2-7.5 - Privilege Escalation
CVSS 6.4
CVE-2023-30077
CRITICAL
Judging Management System 1.0 - SQL Injection via mainevent_id Parameter
CVSS 9.8
CVE-2023-29842
HIGH
ChurchCRM 4.5.4 - Blind SQL Injection via EN_tyid POST Parameter
CVSS 8.8
CVE-2023-27568
HIGH
Spryker Commerce OS 0.9 - SQL Injection via Order Search Parameter
CVSS 8.8
CVE-2023-30204
CRITICAL
Judging Management System 1.0 - SQL Injection via judge_id Parameter
CVSS 9.8
CVE-2023-31433
HIGH
Logbuch <8.2.2286, <9.0.2401 - SQL Injection
CVSS 8.8
CVE-2023-30944
MEDIUM
Moodle 3.9.0-3.9.20 and <4.2.0-rc2 - SQL Injection via External Wiki Page Listing
CVSS 5.6
CVE-2023-1730
CRITICAL
SupportCandy WP <3.1.5 - SQL Injection
CVSS 9.8
CVE-2023-2451
MEDIUM
Online DJ Management System 1.0 - SQL Injection via GET Parameter in /admin/bookings/view_details.php
CVSS 6.3
CVE-2023-2420
MEDIUM
MLECMS 3.0 - SQL Injection via $_SERVER['REQUEST_URI'] in get_url Function
CVSS 6.3
CVE-2023-2413
MEDIUM
AC Repair and Services System 1.0 - SQL Injection via manage_booking.php id Parameter
CVSS 6.3
CVE-2023-2412
MEDIUM
AC Repair and Services System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2023-2411
MEDIUM
AC Repair and Services System 1.0 - SQL Injection via /admin/inquiries/view_inquiry.php id Parameter
CVSS 6.3
CVE-2023-2410
MEDIUM
AC Repair and Services System 1.0 - SQL Injection via /admin/bookings/view_booking.php id Parameter
CVSS 6.3
CVE-2023-2409
MEDIUM
AC Repair and Services System 1.0 - SQL Injection via /admin/services/view_service.php id Parameter
CVSS 6.3
CVE-2023-2408
MEDIUM
AC Repair and Services System 1.0 - SQL Injection via services/view.php id Parameter
CVSS 6.3
CVE-2023-26813
CRITICAL
wangmarket CMS 4.10 - SQL Injection
CVSS 9.8
CVE-2023-26781
CRITICAL
mccms 2.6 - SQL Injection via Reader Comments Search
CVSS 9.8
CVE-2023-2371
MEDIUM
SourceCodester Online DJ Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2370
MEDIUM
SourceCodester Online DJ Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2369
MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-2368
MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 4.7
Details
Vulnerabilities
19,772
Exploit Likelihood
High