CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-2151 MEDIUM
SourceCodester Student Study Center Desk Management System 1.0 - SQ...
CVSS 6.3
CVE-2023-2150 MEDIUM
SourceCodester Task Reminder System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-2149 MEDIUM
Campcodes Online Thesis Archiving System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2148 MEDIUM
Campcodes Online Thesis Archiving System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2147 MEDIUM
Campcodes Online Thesis Archiving System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2146 MEDIUM
Campcodes Online Thesis Archiving System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2145 MEDIUM
Campcodes Online Thesis Archiving System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2144 MEDIUM
Campcodes Online Thesis Archiving System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2130 MEDIUM
SourceCodester Purchase Order Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1873 CRITICAL
Faturamatik Bircard <23.04.05 - SQL Injection
CVSS 9.8
CVE-2023-27844 CRITICAL
leurlrewrite < 1.0 - SQL Injection via Dispatcher::getController
CVSS 9.8
CVE-2023-27733 HIGH
dedecms v5.7.106 - SQL Injection via sys_sql_query.php
CVSS 7.2
CVE-2023-0765 HIGH
Gallery by BestWebSoft < 4.7.0 - Authenticated Blind SQL Injection
CVSS 8.8
CVE-2023-1723 CRITICAL
Veragroup Mobile Assistant <21.S.2343 - SQL Injection
CVSS 9.8
CVE-2023-2108 MEDIUM
SourceCodester Judging Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-27610 MEDIUM
Transbank Webpay REST <= 1.6.6 - Authenticated SQL Injection
CVSS 5.5
CVE-2023-2107 MEDIUM
IBOS 4.5.5 - SQL Injection via fids Parameter in file/personal/del&op=recycle
CVSS 6.3
CVE-2023-2097 MEDIUM
SourceCodester Vehicle Service Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-2096 MEDIUM
Vehicle Service Management System 1.0 - SQL Injection via manage_inventory.php id Parameter
CVSS 6.3
CVE-2023-2095 MEDIUM
Vehicle Service Management System 1.0 - SQL Injection via manage_category.php id Parameter
CVSS 6.3
CVE-2023-2094 MEDIUM
Vehicle Service Management System 1.0 - SQL Injection via Manage Mechanic ID Parameter
CVSS 6.3
CVE-2023-2093 MEDIUM
SourceCodester Vehicle Service Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 6.3
CVE-2023-2092 MEDIUM
Vehicle Service Management System 1.0 - SQL Injection via view_service.php id Parameter
CVSS 6.3
CVE-2023-2090 MEDIUM
SourceCodester Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-2089 MEDIUM
Complaint Management System 1.0 - SQL Injection via uid Parameter in User Profile Handler
CVSS 6.3
Details
Vulnerabilities 19,772
Exploit Likelihood High