CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,774 vulnerabilities with CWE-89
CVE-2023-24730
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Company Parameter
CVSS 8.8
CVE-2023-24729
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via User Profile Address Parameter
CVSS 8.8
CVE-2023-24728
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via User Profile Update Contact Parameter
CVSS 8.8
CVE-2023-24726
CRITICAL
Art Gallery Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-1407
MEDIUM
SourceCodester Student Study Center Desk Management System 1.0 - SQ...
CVSS 4.7
CVE-2023-25206
HIGH
PrestaShop Advanced Reviews < 3.6.2 - SQL Injection
CVSS 8.8
CVE-2023-27074
CRITICAL
BP Monitoring Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-1394
MEDIUM
SourceCodester Online Graduate Tracer System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-27463
HIGH
RUGGEDCOM CROSSBOW < 5.3 - Authenticated SQL Injection via Audit Log Form
CVSS 8.8
CVE-2023-25615
MEDIUM
SAP ABAP Platform 751, 753, 754, 756, 757, 791 - Authenticated SQL Injection
CVSS 6.8
CVE-2023-27052
CRITICAL
E-Commerce System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-25207
CRITICAL
PrestaShop dpd_france < 6.1.3 - SQL Injection via dpdfrance/ajax.php
CVSS 9.8
CVE-2023-1378
MEDIUM
Friendly Island Pizza Website and Ordering System 1.0 - SQL Injection via paypalsuccess.php cusid Parameter
CVSS 6.3
CVE-2023-1368
HIGH
XHCMS 1.0 - SQL Injection via POST Parameter Handler
CVSS 7.3
CVE-2023-1366
MEDIUM
Yoga Class Registration System 1.0 - SQL Injection via admin/categories/manage_category.php id Parameter
CVSS 6.3
CVE-2023-1365
HIGH
Online Pizza Ordering System 1.0 - SQL Injection via Username Parameter in /admin/ajax.php
CVSS 7.3
CVE-2023-1364
MEDIUM
SourceCodester Online Pizza Ordering System 1.0 - SQL Injection via category.php id Parameter
CVSS 6.3
CVE-2023-1361
MEDIUM
bumsys < 2.0.2 - SQL Injection
CVSS 6.5
CVE-2023-1360
MEDIUM
Employee Payslip Generator System 1.2.0 - SQL Injection via Username Parameter in New User Creation
CVSS 4.7
CVE-2023-1358
MEDIUM
Gadget Works Online Ordering System 1.0 - SQL Injection via user_email Parameter
CVSS 6.3
CVE-2023-1357
HIGH
Simple Bakery Shop Management System 1.0 - SQL Injection via Admin Login Username/Password
CVSS 7.3
CVE-2023-1352
MEDIUM
Covid-19 Directory on Vaccination System 1.0 - SQL Injection via txtusername/txtpassword
CVSS 5.6
CVE-2023-1351
MEDIUM
Computer Parts Sales and Inventory System 1.0 - SQL Injection via cust_transac.php phonenumber Parameter
CVSS 6.3
CVE-2023-1198
CRITICAL
Saysis Starcities <= 1.3 - SQL Injection
CVSS 9.8
CVE-2023-1322
MEDIUM
lmxcms 1.41 - SQL Injection via BookAction.class.php Reply Function
CVSS 6.3
Details
Vulnerabilities
19,774
Exploit Likelihood
High