CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-1770 MEDIUM
SourceCodester GPA Calculator 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1747 MEDIUM
IBOS < 4.5.4 - SQL Injection via emailids Parameter in Email API
CVSS 6.3
CVE-2023-1742 MEDIUM
IBOS < 4.5.5 - SQL Injection via Report Search API
CVSS 6.3
CVE-2023-1741 MEDIUM
jeecg-boot 3.5.0 - SQL Injection in SysDictMapper.java
CVSS 4.3
CVE-2023-1740 MEDIUM
SourceCodester Air Cargo Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-1738 MEDIUM
SourceCodester Young Entrepreneur E-Negosyo System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1737 HIGH
SourceCodester Young Entrepreneur E-Negosyo System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-1736 MEDIUM
SourceCodester Young Entrepreneur E-Negosyo System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-1735 MEDIUM
SourceCodester Young Entrepreneur E-Negosyo System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-0620 MEDIUM
HashiCorp Vault 0.8.0-1.13.1 - SQL Injection via MSSQL Database Storage Backend Configuration
CVSS 6.5
CVE-2023-27167 MEDIUM
Suprema BioStar 2 <2.8.16 - SQL Injection
CVSS 6.5
CVE-2023-1675 MEDIUM
SourceCodester School Registration & Fee System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1674 HIGH
SourceCodester School Registration & Fee System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-25197 MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
CVSS 6.3
CVE-2023-25196 MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
CVSS 4.3
CVE-2023-1666 MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-27847 CRITICAL
xipblog < 2.0.1 - SQL Injection via xipcategoryclass and xippostsclass Components
CVSS 9.8
CVE-2023-26959 CRITICAL
Phpgurukul Park Ticketing Mgmt <1.0 - SQL Injection
CVSS 9.8
CVE-2023-24840 HIGH
HGiga MailSherlock - Authenticated SQL Injection via Mail Query Function
CVSS 7.2
CVE-2023-28883 CRITICAL
Cerebrate 1.13 - Blind SQL Injection via SearchAll API Endpoint
CVSS 9.8
CVE-2023-28437 CRITICAL
Dataease < 1.18.5 - SQL Injection via Incomplete Blacklist
CVSS 9.8
CVE-2023-26864 CRITICAL
PrestaShop smplredirectionsmanager <1.1.19 - SQL Injection
CVSS 9.8
CVE-2023-25350 HIGH
Faveo Helpdesk 1.0-1.11.1 - SQL Injection via Login Input
CVSS 8.8
CVE-2023-27034 CRITICAL
PrestaShop jmsblog 2.5.5 - SQL Injection
CVSS 9.8
CVE-2023-28329 HIGH
moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Authenticated SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,772
Exploit Likelihood High