CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-1941 HIGH
SourceCodester Simple & Beautiful Shopping Cart System 1.0 - SQL In...
CVSS 7.3
CVE-2023-1940 MEDIUM
SourceCodester Simple and Beautiful Shopping Cart System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1909 MEDIUM
PHPGurukul BP Monitoring Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-1908 MEDIUM
SourceCodester Simple Mobile Comparison Website 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1522 HIGH
Security Center <5.11.2 - SQL Injection
CVSS 8.8
CVE-2023-28849 CRITICAL
GLPI 10.0.0-10.0.7 - Unauthenticated SQL Injection and Stored Cross-Site Scripting via Inventory Endpoint
CVSS 10.0
CVE-2023-28838 CRITICAL
GLPI <9.5.13-10.0.7 - SQL Injection
CVSS 9.6
CVE-2023-26856 HIGH
Dynamic Transaction Queuing System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-25330 CRITICAL
Mybatis Plus < 3.5.3.1 - SQL Injection via Tenant ID Valuer
CVSS 9.8
CVE-2023-1856 MEDIUM
SourceCodester Air Cargo Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1850 MEDIUM
SourceCodester Online Payroll System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1849 MEDIUM
SourceCodester Online Payroll System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1848 MEDIUM
SourceCodester Online Payroll System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1847 MEDIUM
SourceCodester Online Payroll System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1846 MEDIUM
SourceCodester Online Payroll System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1845 MEDIUM
SourceCodester Online Payroll System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-26750 CRITICAL
Yii Framework <v.2.0.47 - SQL Injection
CVSS 9.8
CVE-2023-1827 MEDIUM
SourceCodester Centralized Covid Vaccination Records System 1.0 - S...
CVSS 6.3
CVE-2023-1765 CRITICAL
Akbim Computer Panon <1.0.2 - SQL Injection
CVSS 9.8
CVE-2023-1793 MEDIUM
SourceCodester Police Crime Record Management System 1.0 - SQL Inje...
CVSS 6.3
CVE-2023-1792 MEDIUM
SourceCodester Simple Mobile Comparison Website 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1791 MEDIUM
SourceCodester Simple Task Allocation System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-26858 CRITICAL
PrestaShop faqs <3.1.6 - Privilege Escalation
CVSS 9.8
CVE-2023-1785 MEDIUM
SourceCodester Earnings and Expense Tracker App 1.0 - SQL Injection
CVSS 6.3
CVE-2023-28843 CRITICAL
PrestaShop paypal 3.12.0-3.16.3 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,772
Exploit Likelihood High