CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-2075
MEDIUM
Campcodes Online Traffic Offense Management System 1.0 - SQL Injection via /admin/offenses/view_details.php id Parameter
CVSS 6.3
CVE-2023-2074
MEDIUM
Campcodes Online Traffic Offense Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-2073
HIGH
Campcodes Online Traffic Offense Management System 1.0 - SQL Injection via Login.php Password Parameter
CVSS 7.3
CVE-2023-2054
MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/positions_delete.php id Parameter
CVSS 6.3
CVE-2023-2053
MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/candidates_row.php id Parameter
CVSS 6.3
CVE-2023-2052
MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/ballot_down.php id Parameter
CVSS 6.3
CVE-2023-2051
MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/positions_row.php id Parameter
CVSS 6.3
CVE-2023-2050
MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via Positions Add Description Parameter
CVSS 6.3
CVE-2023-27649
HIGH
Trusted Tools Free Music 2.1.0.47 2.0.0.46 1.9.1.45 1.8.2.43 - SQL Injection via Search History Table
CVSS 7.5
CVE-2023-2049
MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via Ballot Update ID Parameter
CVSS 6.3
CVE-2023-2048
MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via /admin/voters_row.php id Parameter
CVSS 6.3
CVE-2023-2047
MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via login.php Voter Parameter
CVSS 6.3
CVE-2023-2043
MEDIUM
Control iD RHiD 23.3.19.0 - SQL Injection via Email Parameter in Edit Handler
CVSS 6.3
CVE-2023-2041
MEDIUM
novel-plus 3.6.2 - SQL Injection via Sort Parameter
CVSS 6.3
CVE-2023-2040
MEDIUM
novel-plus 3.6.2 - SQL Injection via Sort Parameter
CVSS 6.3
CVE-2023-1863
CRITICAL
Eskom Water Metering Software <23.04.06 - SQL Injection
CVSS 9.8
CVE-2023-2039
MEDIUM
novel-plus 3.6.2 - SQL Injection via Sort Parameter
CVSS 6.3
CVE-2023-2038
MEDIUM
Campcodes Video Sharing Website 1.0 - SQL Injection via Email Parameter in admin_class.php
CVSS 6.3
CVE-2023-2037
MEDIUM
Campcodes Video Sharing Website 1.0 - SQL Injection via watch.php code Parameter
CVSS 6.3
CVE-2023-2036
MEDIUM
Campcodes Video Sharing Website 1.0 - SQL Injection via upload.php id Parameter
CVSS 6.3
CVE-2023-2035
MEDIUM
Campcodes Video Sharing Website 1.0 - SQL Injection via signup.php id Parameter
CVSS 6.3
CVE-2023-29626
HIGH
Yoga Class Registration System 1.0 - SQL Injection via cid Parameter
CVSS 7.5
CVE-2023-29622
CRITICAL
Purchase Order Management 1.0 - SQL Injection via Admin Login Password Parameter
CVSS 9.8
CVE-2023-27667
CRITICAL
Auto Dealer Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-27779
CRITICAL
am_presencia 3.7.3 - SQL Injection via Login Form User Parameter
CVSS 9.8
Details
Vulnerabilities
19,772
Exploit Likelihood
High