CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,774 vulnerabilities with CWE-89
CVE-2023-24730 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Company Parameter
CVSS 8.8
CVE-2023-24729 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via User Profile Address Parameter
CVSS 8.8
CVE-2023-24728 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via User Profile Update Contact Parameter
CVSS 8.8
CVE-2023-24726 CRITICAL
Art Gallery Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-1407 MEDIUM
SourceCodester Student Study Center Desk Management System 1.0 - SQ...
CVSS 4.7
CVE-2023-25206 HIGH
PrestaShop Advanced Reviews < 3.6.2 - SQL Injection
CVSS 8.8
CVE-2023-27074 CRITICAL
BP Monitoring Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-1394 MEDIUM
SourceCodester Online Graduate Tracer System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-27463 HIGH
RUGGEDCOM CROSSBOW < 5.3 - Authenticated SQL Injection via Audit Log Form
CVSS 8.8
CVE-2023-25615 MEDIUM
SAP ABAP Platform 751, 753, 754, 756, 757, 791 - Authenticated SQL Injection
CVSS 6.8
CVE-2023-27052 CRITICAL
E-Commerce System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-25207 CRITICAL
PrestaShop dpd_france < 6.1.3 - SQL Injection via dpdfrance/ajax.php
CVSS 9.8
CVE-2023-1378 MEDIUM
Friendly Island Pizza Website and Ordering System 1.0 - SQL Injection via paypalsuccess.php cusid Parameter
CVSS 6.3
CVE-2023-1368 HIGH
XHCMS 1.0 - SQL Injection via POST Parameter Handler
CVSS 7.3
CVE-2023-1366 MEDIUM
Yoga Class Registration System 1.0 - SQL Injection via admin/categories/manage_category.php id Parameter
CVSS 6.3
CVE-2023-1365 HIGH
Online Pizza Ordering System 1.0 - SQL Injection via Username Parameter in /admin/ajax.php
CVSS 7.3
CVE-2023-1364 MEDIUM
SourceCodester Online Pizza Ordering System 1.0 - SQL Injection via category.php id Parameter
CVSS 6.3
CVE-2023-1361 MEDIUM
bumsys < 2.0.2 - SQL Injection
CVSS 6.5
CVE-2023-1360 MEDIUM
Employee Payslip Generator System 1.2.0 - SQL Injection via Username Parameter in New User Creation
CVSS 4.7
CVE-2023-1358 MEDIUM
Gadget Works Online Ordering System 1.0 - SQL Injection via user_email Parameter
CVSS 6.3
CVE-2023-1357 HIGH
Simple Bakery Shop Management System 1.0 - SQL Injection via Admin Login Username/Password
CVSS 7.3
CVE-2023-1352 MEDIUM
Covid-19 Directory on Vaccination System 1.0 - SQL Injection via txtusername/txtpassword
CVSS 5.6
CVE-2023-1351 MEDIUM
Computer Parts Sales and Inventory System 1.0 - SQL Injection via cust_transac.php phonenumber Parameter
CVSS 6.3
CVE-2023-1198 CRITICAL
Saysis Starcities <= 1.3 - SQL Injection
CVSS 9.8
CVE-2023-1322 MEDIUM
lmxcms 1.41 - SQL Injection via BookAction.class.php Reply Function
CVSS 6.3
Details
Vulnerabilities 19,774
Exploit Likelihood High