CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-24788
HIGH
NotrinosERP 0.7 - SQL Injection via OrderNumber Parameter
CVSS 8.8
CVE-2023-1612
MEDIUM
Rebuild < 3.2.3 - SQL Injection via /files/list-file
CVSS 6.3
CVE-2023-1610
MEDIUM
ruifang-tech rebuild < 3.2.3 - SQL Injection via /project/tasks/list
CVSS 6.3
CVE-2023-1608
MEDIUM
Zhong Bang CRMEB Java <1.3.4 - SQL Injection
CVSS 6.3
CVE-2023-1607
MEDIUM
novel-plus 3.6.2 - SQL Injection via /common/sysFile/list Sort Parameter
CVSS 4.7
CVE-2023-1606
MEDIUM
novel-plus 3.6.2 - SQL Injection via DictController.java Orderby Parameter
CVSS 6.3
CVE-2023-1595
MEDIUM
novel-plus 3.6.2 - SQL Injection via sort Parameter
CVSS 4.7
CVE-2023-1594
HIGH
novel-plus 3.6.2 - SQL Injection via MenuService sort Argument
CVSS 7.3
CVE-2023-1592
MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1591
MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1590
MEDIUM
SourceCodester Online Tours & Travels Management System 1.0 - SQL I...
CVSS 6.3
CVE-2023-1589
MEDIUM
SourceCodester Online Tours & Travels Management System 1.0 - SQL I...
CVSS 6.3
CVE-2023-1050
CRITICAL
As Koc Energy Web Report System < 23.03.10 - SQL Injection
CVSS 9.8
CVE-2023-24655
CRITICAL
Simple Customer Relationship Management System 1.0 - SQL Injection via Profile Update Name Parameter
CVSS 9.8
CVE-2023-28663
HIGH
Formidable PRO2PDF <3.11 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-28662
CRITICAL
The Gift Cards <4.3.1 - SQL Injection
CVSS 9.8
CVE-2023-28661
HIGH
WP Popup Banners <1.2.5 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-28660
HIGH
Events Made Easy WP Plugin <=2.3.14 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-28659
HIGH
The Waiting: One-click Countdowns WP Plugin <=0.6.2 - Authenticated...
CVSS 8.8
CVE-2023-28438
MEDIUM
pimcore < 10.5.19 - SQL Injection via Report Endpoint
CVSS 6.2
CVE-2023-1578
HIGH
pimcore < 10.5.19 - SQL Injection
CVSS 8.8
CVE-2023-1571
MEDIUM
DataGear < 4.5.0 - SQL Injection via queryOrder Parameter
CVSS 6.3
CVE-2023-1566
MEDIUM
SourceCodester Medical Certificate Generator App 1.0 - SQL Injection
CVSS 6.3
CVE-2023-27638
CRITICAL
Custom Product Designer 2.1.4 - SQL Injection via tshirtecommerce_design_cart_id Parameter
CVSS 9.8
CVE-2023-27637
CRITICAL
Custom Product Designer 2.1.4 - SQL Injection via designer.php product_id Parameter
CVSS 9.8
Details
Vulnerabilities
19,772
Exploit Likelihood
High