CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,774 vulnerabilities with CWE-89
CVE-2023-1321
MEDIUM
lmxcms 1.41 - SQL Injection via AcquisiAction.class.php update Function
CVSS 6.3
CVE-2023-24774
CRITICAL
funadmin v3.2.0 - SQL Injection via selectFields Parameter
CVSS 9.8
CVE-2023-1311
MEDIUM
Friendly Island Pizza Website and Ordering System 1.0 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-1310
MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via admin/prof.php id Parameter
CVSS 6.3
CVE-2023-1309
MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via admin/search_it.php input Parameter
CVSS 6.3
CVE-2023-1308
MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via admin/adminlog.php User Parameter
CVSS 6.3
CVE-2023-1091
CRITICAL
Alpata Licensed Warehousing Automation System <= 2023.1.01 - SQL Injection
CVSS 9.8
CVE-2023-1301
MEDIUM
Friendly Island Pizza Website and Ordering System 1.0 - SQL Injection via deleteorder.php id Parameter
CVSS 6.3
CVE-2023-1300
MEDIUM
COVID 19 Testing Management System 1.0 - SQL Injection via patient-report.php searchdata Parameter
CVSS 6.3
CVE-2023-27214
CRITICAL
Online Student Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-27213
CRITICAL
Online Student Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-27210
CRITICAL
Online Pizza Ordering System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27207
CRITICAL
Online Pizza Ordering System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27205
CRITICAL
Best POS Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27204
CRITICAL
Best POS Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27203
CRITICAL
Best POS Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27202
CRITICAL
Best POS Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-1294
HIGH
File Tracker Manager System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2023-1293
MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via admin_cs.php
CVSS 5.0
CVE-2023-1292
MEDIUM
Sales Tracker Management System 1.0 - SQL Injection via delete_client Function
CVSS 6.3
CVE-2023-1291
MEDIUM
Sales Tracker Management System 1.0 - SQL Injection via manage_client.php id Parameter
CVSS 6.3
CVE-2023-1290
MEDIUM
SourceCodester Sales Tracker Management System 1.0 - SQL Injection via admin/clients/view_client.php id Parameter
CVSS 6.3
CVE-2023-1251
CRITICAL
Akinsoft Wolvox < 8.02.03 - SQL Injection
CVSS 9.8
CVE-2023-24777
CRITICAL
funadmin v3.2.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-24782
CRITICAL
funadmin 3.2.0 - SQL Injection via id Parameter at /databases/database/edit
CVSS 9.8
Details
Vulnerabilities
19,774
Exploit Likelihood
High