CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,774 vulnerabilities with CWE-89
CVE-2023-1276 MEDIUM
SUL1SS_shop - SQL Injection via Order.php Keyword Parameter
CVSS 4.7
CVE-2023-26922 CRITICAL
Variscite matrix-gui - SQL Injection via shell_exect Parameter
CVSS 9.8
CVE-2023-24773 CRITICAL
funadmin v3.2.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-1267 CRITICAL
PtteM Kart < 2.1 - SQL Injection
CVSS 9.8
CVE-2023-24780 CRITICAL
funadmin v3.2.0 - SQL Injection via id Parameter at /databases/table/columns
CVSS 9.8
CVE-2023-24775 CRITICAL
funadmin v3.2.0 - SQL Injection via selectFields Parameter
CVSS 9.8
CVE-2023-25223 HIGH
crmeb_java <= 1.3.4 - SQL Injection via /api/admin/user/list
CVSS 7.2
CVE-2023-24781 CRITICAL
funadmin 3.2.0 - SQL Injection via MemberLevel.php selectFields Parameter
CVSS 9.8
CVE-2023-1253 HIGH
Health Center Patient Record Management System 1.0 - SQL Injection via login.php Username Parameter
CVSS 7.3
CVE-2023-1211 HIGH
phpipam < 1.5.2 - SQL Injection
CVSS 7.2
CVE-2023-24763 HIGH
Xen Forum < 2.13.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-24789 HIGH
jeecg-boot <3.4.4 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-0979 CRITICAL
MedDataPACS < 2022-03-03 - SQL Injection
CVSS 9.8
CVE-2023-24643 CRITICAL
Judging Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24642 CRITICAL
Judging Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24641 CRITICAL
Judging Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-1165 MEDIUM
crmeb Java 1.3.4 - SQL Injection via /api/admin/system/store/order/list Keywords Parameter
CVSS 5.5
CVE-2023-26780 CRITICAL
CleverStupidDog yf-exam <1.8.0 - SQL Injection
CVSS 9.8
CVE-2023-1151 MEDIUM
SourceCodester Electronic Medical Records System 1.0 - SQL Injection via administrator.php userid Parameter
CVSS 6.3
CVE-2023-1130 MEDIUM
Computer Parts Sales and Inventory System 1.0 - SQL Injection via User Parameter in processlogin
CVSS 6.3
CVE-2023-23315 CRITICAL
stripe_payment_pro < 4.5.5 - Blind SQL Injection via initContent Method
CVSS 9.8
CVE-2023-1064 CRITICAL
Uzay Baskul Weighbridge Automation Software < 1.1 - SQL Injection
CVSS 9.8
CVE-2023-0953 HIGH
Devolutions Server < 2022.3.12 - Authenticated SQL Injection in Documentation Feature
CVSS 8.8
CVE-2023-1100 MEDIUM
Online Catering Reservation System 1.0 - SQL Injection via POST Parameter Handler
CVSS 6.3
CVE-2023-1099 MEDIUM
Online Student Management System 1.0 - SQL Injection via editid Parameter in edit-class-detail.php
CVSS 6.3
Details
Vulnerabilities 19,774
Exploit Likelihood High