CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-2367 MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-2366 MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2365 MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2363 MEDIUM
SourceCodester Resort Reservation System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-30850 HIGH
pimcore < 10.5.21 - SQL Injection in Admin Translations API
CVSS 8.8
CVE-2023-30849 HIGH
pimcore < 10.5.21 - SQL Injection via Translation Export API
CVSS 8.8
CVE-2023-30848 HIGH
pimcore < 10.5.21 - SQL Injection via Admin Search Find API
CVSS 8.8
CVE-2023-2348 MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2347 MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2346 MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2344 MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2338 HIGH
pimcore < 10.5.21 - SQL Injection
CVSS 8.8
CVE-2023-30211 CRITICAL
ourphp <= 7.2.0 - SQL Injection
CVSS 9.8
CVE-2023-30112 HIGH
Medicine Tracker System 1.0.0 - SQL Injection
CVSS 7.5
CVE-2023-27843 CRITICAL
ask_for_a_quote < 5.4.2 - SQL Injection via QuotesProduct::deleteProduct
CVSS 9.8
CVE-2023-30839 CRITICAL
PrestaShop < 1.7.8.9 and 8.0.0-8.0.4 - Authenticated SQL Injection
CVSS 9.9
CVE-2023-30545 HIGH
PrestaShop < 1.7.8.9 and 8.0.0-8.0.4 - Authenticated Arbitrary File Read via SQL LOAD_FILE Function
CVSS 7.7
CVE-2023-0388 HIGH
Random Text WordPress Plugin < 0.3.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-26865 CRITICAL
bdroppy < 2.2.28 - SQL Injection via BdroppyCronModuleFrontController::importProducts
CVSS 9.8
CVE-2023-29849 HIGH
Bang Resto 1.0 - SQL Injection via btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty Parameter
CVSS 8.8
CVE-2023-23753 CRITICAL
Visforms 3.0.0-3.0.4 - SQL Injection via SQL Query Concatenation
CVSS 9.8
CVE-2023-2244 MEDIUM
Online Eyewear Shop 1.0 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-2243 MEDIUM
Complaint Management System 1.0 - SQL Injection via Registration POST Parameter
CVSS 6.3
CVE-2023-2242 MEDIUM
Online Computer and Laptop Store 1.0 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-26876 HIGH
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,772
Exploit Likelihood High