CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-24788 HIGH
NotrinosERP 0.7 - SQL Injection via OrderNumber Parameter
CVSS 8.8
CVE-2023-1612 MEDIUM
Rebuild < 3.2.3 - SQL Injection via /files/list-file
CVSS 6.3
CVE-2023-1610 MEDIUM
ruifang-tech rebuild < 3.2.3 - SQL Injection via /project/tasks/list
CVSS 6.3
CVE-2023-1608 MEDIUM
Zhong Bang CRMEB Java <1.3.4 - SQL Injection
CVSS 6.3
CVE-2023-1607 MEDIUM
novel-plus 3.6.2 - SQL Injection via /common/sysFile/list Sort Parameter
CVSS 4.7
CVE-2023-1606 MEDIUM
novel-plus 3.6.2 - SQL Injection via DictController.java Orderby Parameter
CVSS 6.3
CVE-2023-1595 MEDIUM
novel-plus 3.6.2 - SQL Injection via sort Parameter
CVSS 4.7
CVE-2023-1594 HIGH
novel-plus 3.6.2 - SQL Injection via MenuService sort Argument
CVSS 7.3
CVE-2023-1592 MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1591 MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1590 MEDIUM
SourceCodester Online Tours & Travels Management System 1.0 - SQL I...
CVSS 6.3
CVE-2023-1589 MEDIUM
SourceCodester Online Tours & Travels Management System 1.0 - SQL I...
CVSS 6.3
CVE-2023-1050 CRITICAL
As Koc Energy Web Report System < 23.03.10 - SQL Injection
CVSS 9.8
CVE-2023-24655 CRITICAL
Simple Customer Relationship Management System 1.0 - SQL Injection via Profile Update Name Parameter
CVSS 9.8
CVE-2023-28663 HIGH
Formidable PRO2PDF <3.11 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-28662 CRITICAL
The Gift Cards <4.3.1 - SQL Injection
CVSS 9.8
CVE-2023-28661 HIGH
WP Popup Banners <1.2.5 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-28660 HIGH
Events Made Easy WP Plugin <=2.3.14 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-28659 HIGH
The Waiting: One-click Countdowns WP Plugin <=0.6.2 - Authenticated...
CVSS 8.8
CVE-2023-28438 MEDIUM
pimcore < 10.5.19 - SQL Injection via Report Endpoint
CVSS 6.2
CVE-2023-1578 HIGH
pimcore < 10.5.19 - SQL Injection
CVSS 8.8
CVE-2023-1571 MEDIUM
DataGear < 4.5.0 - SQL Injection via queryOrder Parameter
CVSS 6.3
CVE-2023-1566 MEDIUM
SourceCodester Medical Certificate Generator App 1.0 - SQL Injection
CVSS 6.3
CVE-2023-27638 CRITICAL
Custom Product Designer 2.1.4 - SQL Injection via tshirtecommerce_design_cart_id Parameter
CVSS 9.8
CVE-2023-27637 CRITICAL
Custom Product Designer 2.1.4 - SQL Injection via designer.php product_id Parameter
CVSS 9.8
Details
Vulnerabilities 19,772
Exploit Likelihood High