CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-2218
MEDIUM
Task Reminder System 1.0 - SQL Injection via Manage User ID Parameter
CVSS 6.3
CVE-2023-2217
MEDIUM
SourceCodester Task Reminder System 1.0 - SQL Injection via /admin/reminders/manage_reminder.php id Parameter
CVSS 6.3
CVE-2023-2215
MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via Manage User ID Parameter
CVSS 6.3
CVE-2023-2214
MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via /admin/sales/manage_sale.php id Parameter
CVSS 6.3
CVE-2023-2213
MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via id Parameter
CVSS 6.3
CVE-2023-2212
MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via id Parameter in view_product.php
CVSS 6.3
CVE-2023-2211
MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via manage_category.php id Parameter
CVSS 6.3
CVE-2023-2210
MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via id Parameter in view_category.php
CVSS 6.3
CVE-2023-2209
MEDIUM
Campcodes Coffee Shop POS System 1.0 - SQL Injection via /admin/sales/view_details.php id Parameter
CVSS 6.3
CVE-2023-2208
MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via details.php id Parameter
CVSS 6.3
CVE-2023-2207
MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via Contact Form Email Parameter
CVSS 6.3
CVE-2023-2206
MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via Contact Us Email Parameter
CVSS 6.3
CVE-2023-2205
MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via Email Parameter in Login Function
CVSS 6.3
CVE-2023-2204
MEDIUM
Retro Basketball Shoes Online Store 1.0 - SQL Injection via faqs.php id Parameter
CVSS 6.3
CVE-2023-30076
CRITICAL
Judging Management System 1.0 - SQL Injection via print_judges.php se_name Parameter
CVSS 9.8
CVE-2023-30605
MEDIUM
Archery - SQL Injection via variable_name and variable_value Parameters in param_edit Endpoint
CVSS 6.5
CVE-2023-30558
MEDIUM
Archery - SQL Injection via db_name Parameter in table_list Endpoint
CVSS 6.5
CVE-2023-30557
MEDIUM
Archery - SQL Injection via data_dictionary.py table_info Endpoint
CVSS 6.5
CVE-2023-30556
MEDIUM
Archery - SQL Injection via db_name Parameter in sql_optimize.py
CVSS 6.5
CVE-2023-30555
MEDIUM
Archery - SQL Injection via Explain Endpoint db_name Parameter
CVSS 6.5
CVE-2023-30554
MEDIUM
Archery - SQL Injection via ExecuteCheck Endpoint db_name Parameter
CVSS 6.5
CVE-2023-30553
MEDIUM
Archery - SQL Injection via ExecuteCheck Endpoint db_name and full_sql Parameters
CVSS 6.5
CVE-2023-30552
MEDIUM
Archery - SQL Injection via tb_name, db_name, or schema_name Parameters in describe Endpoint
CVSS 6.5
CVE-2023-28839
CRITICAL
Shoppingfeed PrestaShop <1.8.2 - SQL Injection
CVSS 9.4
CVE-2023-2154
MEDIUM
SourceCodester Task Reminder System 1.0 - SQL Injection
CVSS 4.7
Details
Vulnerabilities
19,772
Exploit Likelihood
High