CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-1770
MEDIUM
SourceCodester GPA Calculator 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1747
MEDIUM
IBOS < 4.5.4 - SQL Injection via emailids Parameter in Email API
CVSS 6.3
CVE-2023-1742
MEDIUM
IBOS < 4.5.5 - SQL Injection via Report Search API
CVSS 6.3
CVE-2023-1741
MEDIUM
jeecg-boot 3.5.0 - SQL Injection in SysDictMapper.java
CVSS 4.3
CVE-2023-1740
MEDIUM
SourceCodester Air Cargo Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-1738
MEDIUM
SourceCodester Young Entrepreneur E-Negosyo System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1737
HIGH
SourceCodester Young Entrepreneur E-Negosyo System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-1736
MEDIUM
SourceCodester Young Entrepreneur E-Negosyo System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-1735
MEDIUM
SourceCodester Young Entrepreneur E-Negosyo System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-0620
MEDIUM
HashiCorp Vault 0.8.0-1.13.1 - SQL Injection via MSSQL Database Storage Backend Configuration
CVSS 6.5
CVE-2023-27167
MEDIUM
Suprema BioStar 2 <2.8.16 - SQL Injection
CVSS 6.5
CVE-2023-1675
MEDIUM
SourceCodester School Registration & Fee System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1674
HIGH
SourceCodester School Registration & Fee System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-25197
MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
CVSS 6.3
CVE-2023-25196
MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
CVSS 4.3
CVE-2023-1666
MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-27847
CRITICAL
xipblog < 2.0.1 - SQL Injection via xipcategoryclass and xippostsclass Components
CVSS 9.8
CVE-2023-26959
CRITICAL
Phpgurukul Park Ticketing Mgmt <1.0 - SQL Injection
CVSS 9.8
CVE-2023-24840
HIGH
HGiga MailSherlock - Authenticated SQL Injection via Mail Query Function
CVSS 7.2
CVE-2023-28883
CRITICAL
Cerebrate 1.13 - Blind SQL Injection via SearchAll API Endpoint
CVSS 9.8
CVE-2023-28437
CRITICAL
Dataease < 1.18.5 - SQL Injection via Incomplete Blacklist
CVSS 9.8
CVE-2023-26864
CRITICAL
PrestaShop smplredirectionsmanager <1.1.19 - SQL Injection
CVSS 9.8
CVE-2023-25350
HIGH
Faveo Helpdesk 1.0-1.11.1 - SQL Injection via Login Input
CVSS 8.8
CVE-2023-27034
CRITICAL
PrestaShop jmsblog 2.5.5 - SQL Injection
CVSS 9.8
CVE-2023-28329
HIGH
moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Authenticated SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,772
Exploit Likelihood
High