CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-2218 MEDIUM
Task Reminder System 1.0 - SQL Injection via Manage User ID Parameter
CVSS 6.3
CVE-2023-2217 MEDIUM
SourceCodester Task Reminder System 1.0 - SQL Injection via /admin/reminders/manage_reminder.php id Parameter
CVSS 6.3
CVE-2023-2215 MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via Manage User ID Parameter
CVSS 6.3
CVE-2023-2214 MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via /admin/sales/manage_sale.php id Parameter
CVSS 6.3
CVE-2023-2213 MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via id Parameter
CVSS 6.3
CVE-2023-2212 MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via id Parameter in view_product.php
CVSS 6.3
CVE-2023-2211 MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via manage_category.php id Parameter
CVSS 6.3
CVE-2023-2210 MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via id Parameter in view_category.php
CVSS 6.3
CVE-2023-2209 MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via /admin/sales/view_details.php id Parameter
CVSS 6.3
CVE-2023-2208 MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via details.php id Parameter
CVSS 6.3
CVE-2023-2207 MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via Contact Form Email Parameter
CVSS 6.3
CVE-2023-2206 MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via Contact Us Email Parameter
CVSS 6.3
CVE-2023-2205 MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via Email Parameter in Login Function
CVSS 6.3
CVE-2023-2204 MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via faqs.php id Parameter
CVSS 6.3
CVE-2023-30076 CRITICAL
Judging Management System 1.0 - SQL Injection via print_judges.php se_name Parameter
CVSS 9.8
CVE-2023-30605 MEDIUM
Archery - SQL Injection via variable_name and variable_value Parameters in param_edit Endpoint
CVSS 6.5
CVE-2023-30558 MEDIUM
Archery - SQL Injection via db_name Parameter in table_list Endpoint
CVSS 6.5
CVE-2023-30557 MEDIUM
Archery - SQL Injection via data_dictionary.py table_info Endpoint
CVSS 6.5
CVE-2023-30556 MEDIUM
Archery - SQL Injection via db_name Parameter in sql_optimize.py
CVSS 6.5
CVE-2023-30555 MEDIUM
Archery - SQL Injection via Explain Endpoint db_name Parameter
CVSS 6.5
CVE-2023-30554 MEDIUM
Archery - SQL Injection via ExecuteCheck Endpoint db_name Parameter
CVSS 6.5
CVE-2023-30553 MEDIUM
Archery - SQL Injection via ExecuteCheck Endpoint db_name and full_sql Parameters
CVSS 6.5
CVE-2023-30552 MEDIUM
Archery - SQL Injection via tb_name, db_name, or schema_name Parameters in describe Endpoint
CVSS 6.5
CVE-2023-28839 CRITICAL
Shoppingfeed PrestaShop <1.8.2 - SQL Injection
CVSS 9.4
CVE-2023-2154 MEDIUM
SourceCodester Task Reminder System 1.0 - SQL Injection
CVSS 4.7
Details
Vulnerabilities 19,772
Exploit Likelihood High