CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-1474 MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1471 HIGH
WP Popup Banners <1.2.5 - SQL Injection
CVSS 8.8
CVE-2023-1468 MEDIUM
SourceCodester Student Study Center Desk Management System 1.0 - SQ...
CVSS 6.3
CVE-2023-1466 MEDIUM
SourceCodester Student Study Center Desk Management System 1.0 - SQ...
CVSS 6.3
CVE-2023-1461 MEDIUM
SourceCodester Canteen Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1152 CRITICAL
Utarit Persolus < 2.03.93 - SQL Injection
CVSS 9.8
CVE-2023-1459 MEDIUM
SourceCodester Canteen Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1455 MEDIUM
SourceCodester Online Pizza Ordering System 1.0 - SQL Injection
CVSS 5.6
CVE-2023-1454 MEDIUM
jeecg-boot 3.5.0 - SQL Injection via apiSelectId Parameter
CVSS 6.3
CVE-2023-1441 MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1440 MEDIUM
SourceCodester Automatic Question Paper Generator System 1.0 - SQL ...
CVSS 6.3
CVE-2023-1439 MEDIUM
SourceCodester Medicine Tracker System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-28108 HIGH
pimcore < 10.5.19 - SQL Injection via UUID DAO Model
CVSS 7.9
CVE-2023-27041 CRITICAL
School Registration and Fee System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-27709 HIGH
dedecms < 5.7.106 - SQL Injection via rank_* Parameter in /dedestory_catalog.php
CVSS 7.2
CVE-2023-27707 HIGH
dedecms < 5.7.106 - SQL Injection via rank_* Parameter in group_store.php
CVSS 7.2
CVE-2023-27037 HIGH
Qibosoft QiboCMS v7 - Remote Code Execution via Get_Title Function in label_set_rs.php
CVSS 8.8
CVE-2023-27250 CRITICAL
Online Book Store Project v1.0 - SQL Injection
CVSS 9.8
CVE-2023-26784 CRITICAL
Kirin Fortress Machine <1.7-2020-0610 - RCE
CVSS 9.8
CVE-2023-1416 MEDIUM
Simple Art Gallery 1.0 - SQL Injection
CVSS 6.3
CVE-2023-1379 MEDIUM
Friendly Island Pizza Website and Ordering System 1.0 - SQL Injection via addmem.php POST Parameter
CVSS 6.3
CVE-2023-24732 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Gender Parameter
CVSS 8.8
CVE-2023-24731 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via User Profile Update Query Parameter
CVSS 8.8
CVE-2023-24730 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Company Parameter
CVSS 8.8
CVE-2023-24729 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via User Profile Address Parameter
CVSS 8.8
Details
Vulnerabilities 19,772
Exploit Likelihood High