CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-2075 MEDIUM
Campcodes Online Traffic Offense Management System 1.0 - SQL Injection via /admin/offenses/view_details.php id Parameter
CVSS 6.3
CVE-2023-2074 MEDIUM
Campcodes Online Traffic Offense Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-2073 HIGH
Campcodes Online Traffic Offense Management System 1.0 - SQL Injection via Login.php Password Parameter
CVSS 7.3
CVE-2023-2054 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/positions_delete.php id Parameter
CVSS 6.3
CVE-2023-2053 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/candidates_row.php id Parameter
CVSS 6.3
CVE-2023-2052 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/ballot_down.php id Parameter
CVSS 6.3
CVE-2023-2051 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/positions_row.php id Parameter
CVSS 6.3
CVE-2023-2050 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via Positions Add Description Parameter
CVSS 6.3
CVE-2023-27649 HIGH
Trusted Tools Free Music 2.1.0.47 2.0.0.46 1.9.1.45 1.8.2.43 - SQL Injection via Search History Table
CVSS 7.5
CVE-2023-2049 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via Ballot Update ID Parameter
CVSS 6.3
CVE-2023-2048 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/voters_row.php id Parameter
CVSS 6.3
CVE-2023-2047 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via login.php Voter Parameter
CVSS 6.3
CVE-2023-2043 MEDIUM
Control iD RHiD 23.3.19.0 - SQL Injection via Email Parameter in Edit Handler
CVSS 6.3
CVE-2023-2041 MEDIUM
novel-plus 3.6.2 - SQL Injection via Sort Parameter
CVSS 6.3
CVE-2023-2040 MEDIUM
novel-plus 3.6.2 - SQL Injection via Sort Parameter
CVSS 6.3
CVE-2023-1863 CRITICAL
Eskom Water Metering Software <23.04.06 - SQL Injection
CVSS 9.8
CVE-2023-2039 MEDIUM
novel-plus 3.6.2 - SQL Injection via Sort Parameter
CVSS 6.3
CVE-2023-2038 MEDIUM
Campcodes Video Sharing Website 1.0 - SQL Injection via Email Parameter in admin_class.php
CVSS 6.3
CVE-2023-2037 MEDIUM
Campcodes Video Sharing Website 1.0 - SQL Injection via watch.php code Parameter
CVSS 6.3
CVE-2023-2036 MEDIUM
Campcodes Video Sharing Website 1.0 - SQL Injection via upload.php id Parameter
CVSS 6.3
CVE-2023-2035 MEDIUM
Campcodes Video Sharing Website 1.0 - SQL Injection via signup.php id Parameter
CVSS 6.3
CVE-2023-29626 HIGH
Yoga Class Registration System 1.0 - SQL Injection via cid Parameter
CVSS 7.5
CVE-2023-29622 CRITICAL
Purchase Order Management 1.0 - SQL Injection via Admin Login Password Parameter
CVSS 9.8
CVE-2023-27667 CRITICAL
Auto Dealer Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-27779 CRITICAL
am_presencia 3.7.3 - SQL Injection via Login Form User Parameter
CVSS 9.8
Details
Vulnerabilities 19,772
Exploit Likelihood High