CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,774 vulnerabilities with CWE-89
CVE-2023-1276
MEDIUM
SUL1SS_shop - SQL Injection via Order.php Keyword Parameter
CVSS 4.7
CVE-2023-26922
CRITICAL
Variscite matrix-gui - SQL Injection via shell_exect Parameter
CVSS 9.8
CVE-2023-24773
CRITICAL
funadmin v3.2.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-1267
CRITICAL
PtteM Kart < 2.1 - SQL Injection
CVSS 9.8
CVE-2023-24780
CRITICAL
funadmin v3.2.0 - SQL Injection via id Parameter at /databases/table/columns
CVSS 9.8
CVE-2023-24775
CRITICAL
funadmin v3.2.0 - SQL Injection via selectFields Parameter
CVSS 9.8
CVE-2023-25223
HIGH
crmeb_java <= 1.3.4 - SQL Injection via /api/admin/user/list
CVSS 7.2
CVE-2023-24781
CRITICAL
funadmin 3.2.0 - SQL Injection via MemberLevel.php selectFields Parameter
CVSS 9.8
CVE-2023-1253
HIGH
Health Center Patient Record Management System 1.0 - SQL Injection via login.php Username Parameter
CVSS 7.3
CVE-2023-1211
HIGH
phpipam < 1.5.2 - SQL Injection
CVSS 7.2
CVE-2023-24763
HIGH
Xen Forum < 2.13.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-24789
HIGH
jeecg-boot <3.4.4 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-0979
CRITICAL
MedDataPACS < 2022-03-03 - SQL Injection
CVSS 9.8
CVE-2023-24643
CRITICAL
Judging Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24642
CRITICAL
Judging Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24641
CRITICAL
Judging Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-1165
MEDIUM
crmeb Java 1.3.4 - SQL Injection via /api/admin/system/store/order/list Keywords Parameter
CVSS 5.5
CVE-2023-26780
CRITICAL
CleverStupidDog yf-exam <1.8.0 - SQL Injection
CVSS 9.8
CVE-2023-1151
MEDIUM
SourceCodester Electronic Medical Records System 1.0 - SQL Injection via administrator.php userid Parameter
CVSS 6.3
CVE-2023-1130
MEDIUM
Computer Parts Sales and Inventory System 1.0 - SQL Injection via User Parameter in processlogin
CVSS 6.3
CVE-2023-23315
CRITICAL
stripe_payment_pro < 4.5.5 - Blind SQL Injection via initContent Method
CVSS 9.8
CVE-2023-1064
CRITICAL
Uzay Baskul Weighbridge Automation Software < 1.1 - SQL Injection
CVSS 9.8
CVE-2023-0953
HIGH
Devolutions Server < 2022.3.12 - Authenticated SQL Injection in Documentation Feature
CVSS 8.8
CVE-2023-1100
MEDIUM
Online Catering Reservation System 1.0 - SQL Injection via POST Parameter Handler
CVSS 6.3
CVE-2023-1099
MEDIUM
Online Student Management System 1.0 - SQL Injection via editid Parameter in edit-class-detail.php
CVSS 6.3
Details
Vulnerabilities
19,774
Exploit Likelihood
High