CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-1474
MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1471
HIGH
WP Popup Banners <1.2.5 - SQL Injection
CVSS 8.8
CVE-2023-1468
MEDIUM
SourceCodester Student Study Center Desk Management System 1.0 - SQ...
CVSS 6.3
CVE-2023-1466
MEDIUM
SourceCodester Student Study Center Desk Management System 1.0 - SQ...
CVSS 6.3
CVE-2023-1461
MEDIUM
SourceCodester Canteen Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1152
CRITICAL
Utarit Persolus < 2.03.93 - SQL Injection
CVSS 9.8
CVE-2023-1459
MEDIUM
SourceCodester Canteen Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1455
MEDIUM
SourceCodester Online Pizza Ordering System 1.0 - SQL Injection
CVSS 5.6
CVE-2023-1454
MEDIUM
jeecg-boot 3.5.0 - SQL Injection via apiSelectId Parameter
CVSS 6.3
CVE-2023-1441
MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1440
MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1439
MEDIUM
SourceCodester Medicine Tracker System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-28108
HIGH
pimcore < 10.5.19 - SQL Injection via UUID DAO Model
CVSS 7.9
CVE-2023-27041
CRITICAL
School Registration and Fee System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-27709
HIGH
dedecms < 5.7.106 - SQL Injection via rank_* Parameter in /dedestory_catalog.php
CVSS 7.2
CVE-2023-27707
HIGH
dedecms < 5.7.106 - SQL Injection via rank_* Parameter in group_store.php
CVSS 7.2
CVE-2023-27037
HIGH
Qibosoft QiboCMS v7 - Remote Code Execution via Get_Title Function in label_set_rs.php
CVSS 8.8
CVE-2023-27250
CRITICAL
Online Book Store Project v1.0 - SQL Injection
CVSS 9.8
CVE-2023-26784
CRITICAL
Kirin Fortress Machine <1.7-2020-0610 - RCE
CVSS 9.8
CVE-2023-1416
MEDIUM
Simple Art Gallery 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1379
MEDIUM
Friendly Island Pizza Website and Ordering System 1.0 - SQL Injection via addmem.php POST Parameter
CVSS 6.3
CVE-2023-24732
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Gender Parameter
CVSS 8.8
CVE-2023-24731
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via User Profile Update Query Parameter
CVSS 8.8
CVE-2023-24730
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Company Parameter
CVSS 8.8
CVE-2023-24729
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via User Profile Address Parameter
CVSS 8.8
Details
Vulnerabilities
19,772
Exploit Likelihood
High