CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,774 vulnerabilities with CWE-89
CVE-2023-1321 MEDIUM
lmxcms 1.41 - SQL Injection via AcquisiAction.class.php update Function
CVSS 6.3
CVE-2023-24774 CRITICAL
funadmin v3.2.0 - SQL Injection via selectFields Parameter
CVSS 9.8
CVE-2023-1311 MEDIUM
Friendly Island Pizza Website and Ordering System 1.0 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-1310 MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via admin/prof.php id Parameter
CVSS 6.3
CVE-2023-1309 MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via admin/search_it.php input Parameter
CVSS 6.3
CVE-2023-1308 MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via admin/adminlog.php User Parameter
CVSS 6.3
CVE-2023-1091 CRITICAL
Alpata Licensed Warehousing Automation System <= 2023.1.01 - SQL Injection
CVSS 9.8
CVE-2023-1301 MEDIUM
Friendly Island Pizza Website and Ordering System 1.0 - SQL Injection via deleteorder.php id Parameter
CVSS 6.3
CVE-2023-1300 MEDIUM
COVID 19 Testing Management System 1.0 - SQL Injection via patient-report.php searchdata Parameter
CVSS 6.3
CVE-2023-27214 CRITICAL
Online Student Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-27213 CRITICAL
Online Student Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-27210 CRITICAL
Online Pizza Ordering System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27207 CRITICAL
Online Pizza Ordering System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27205 CRITICAL
Best POS Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27204 CRITICAL
Best POS Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27203 CRITICAL
Best POS Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-27202 CRITICAL
Best POS Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-1294 HIGH
File Tracker Manager System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2023-1293 MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via admin_cs.php
CVSS 5.0
CVE-2023-1292 MEDIUM
Sales Tracker Management System 1.0 - SQL Injection via delete_client Function
CVSS 6.3
CVE-2023-1291 MEDIUM
Sales Tracker Management System 1.0 - SQL Injection via manage_client.php id Parameter
CVSS 6.3
CVE-2023-1290 MEDIUM
SourceCodester Sales Tracker Management System 1.0 - SQL Injection via admin/clients/view_client.php id Parameter
CVSS 6.3
CVE-2023-1251 CRITICAL
Akinsoft Wolvox < 8.02.03 - SQL Injection
CVSS 9.8
CVE-2023-24777 CRITICAL
funadmin v3.2.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-24782 CRITICAL
funadmin 3.2.0 - SQL Injection via id Parameter at /databases/database/edit
CVSS 9.8
Details
Vulnerabilities 19,774
Exploit Likelihood High