CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-2367
MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-2366
MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2365
MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2363
MEDIUM
SourceCodester Resort Reservation System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-30850
HIGH
pimcore < 10.5.21 - SQL Injection in Admin Translations API
CVSS 8.8
CVE-2023-30849
HIGH
pimcore < 10.5.21 - SQL Injection via Translation Export API
CVSS 8.8
CVE-2023-30848
HIGH
pimcore < 10.5.21 - SQL Injection via Admin Search Find API
CVSS 8.8
CVE-2023-2348
MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2347
MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2346
MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2344
MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2338
HIGH
pimcore < 10.5.21 - SQL Injection
CVSS 8.8
CVE-2023-30211
CRITICAL
ourphp <= 7.2.0 - SQL Injection
CVSS 9.8
CVE-2023-30112
HIGH
Medicine Tracker System 1.0.0 - SQL Injection
CVSS 7.5
CVE-2023-27843
CRITICAL
ask_for_a_quote < 5.4.2 - SQL Injection via QuotesProduct::deleteProduct
CVSS 9.8
CVE-2023-30839
CRITICAL
PrestaShop < 1.7.8.9 and 8.0.0-8.0.4 - Authenticated SQL Injection
CVSS 9.9
CVE-2023-30545
HIGH
PrestaShop < 1.7.8.9 and 8.0.0-8.0.4 - Authenticated Arbitrary File Read via SQL LOAD_FILE Function
CVSS 7.7
CVE-2023-0388
HIGH
Random Text WordPress Plugin < 0.3.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-26865
CRITICAL
bdroppy < 2.2.28 - SQL Injection via BdroppyCronModuleFrontController::importProducts
CVSS 9.8
CVE-2023-29849
HIGH
Bang Resto 1.0 - SQL Injection via btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty Parameter
CVSS 8.8
CVE-2023-23753
CRITICAL
Visforms 3.0.0-3.0.4 - SQL Injection via SQL Query Concatenation
CVSS 9.8
CVE-2023-2244
MEDIUM
Online Eyewear Shop 1.0 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-2243
MEDIUM
Complaint Management System 1.0 - SQL Injection via Registration POST Parameter
CVSS 6.3
CVE-2023-2242
MEDIUM
Online Computer and Laptop Store 1.0 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-26876
HIGH
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,772
Exploit Likelihood
High