CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,774 vulnerabilities with CWE-89
CVE-2023-25432 HIGH
Online Reviewer Management System 1.0 - SQL Injection via course-update.php
CVSS 7.2
CVE-2023-24258 CRITICAL
SPIP < 4.1.5 - SQL Injection via _oups Parameter
CVSS 9.8
CVE-2023-24253 CRITICAL
Domotica Labs srl Ikon Server <2.8.6 - SQL Injection
CVSS 9.8
CVE-2023-24656 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Create Ticket Subject Parameter
CVSS 8.8
CVE-2023-24654 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Request a Quote Name Parameter
CVSS 8.8
CVE-2023-24653 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Change Password oldpass Parameter
CVSS 8.8
CVE-2023-24652 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Create Ticket Description Parameter
CVSS 8.8
CVE-2023-24364 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Admin Panel Username Parameter
CVSS 8.8
CVE-2023-23156 CRITICAL
Art Gallery Management System Project in PHP 1.0 - SQL Injection via pid Parameter
CVSS 9.8
CVE-2023-23155 CRITICAL
Art Gallery Management System Project in PHP 1.0 - SQL Injection via Admin Login Username Parameter
CVSS 9.8
CVE-2023-0487 HIGH
My Sticky Elements < 2.0.9 - Authenticated SQL Injection via Message Deletion Parameter
CVSS 7.2
CVE-2023-24206 CRITICAL
davinci v0.3.0-rc - SQL Injection via copyDisplay Function
CVSS 9.8
CVE-2023-1063 MEDIUM
Doctors Appointment System 1.0 - SQL Injection via /admin/patient.php Search Parameter
CVSS 6.3
CVE-2023-1062 MEDIUM
Doctors Appointment System 1.0 - SQL Injection via Email Parameter in Admin Add-New Endpoint
CVSS 6.3
CVE-2023-1061 MEDIUM
Doctors Appointment System 1.0 - SQL Injection via Email Parameter in Edit Doctor Endpoint
CVSS 6.3
CVE-2023-1059 MEDIUM
Doctors Appointment System 1.0 - SQL Injection via search/id Parameter
CVSS 6.3
CVE-2023-1058 HIGH
Doctors Appointment System 1.0 - SQL Injection via create-account.php newemail Parameter
CVSS 7.3
CVE-2023-1057 MEDIUM
Doctors Appointment System 1.0 - SQL Injection via login.php usermail Parameter
CVSS 5.5
CVE-2023-1056 MEDIUM
Doctors Appointment System 1.0 - SQL Injection via search12 Parameter
CVSS 6.3
CVE-2023-1054 MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection via /admin/?page=user/manage id Parameter
CVSS 4.7
CVE-2023-1053 MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection via view_category.php id Parameter
CVSS 4.7
CVE-2023-1040 MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via tracking/admin/add_acc.php id Parameter
CVSS 6.3
CVE-2023-1039 HIGH
Class and Exam Timetabling System 1.0 - SQL Injection via POST Parameter Handler
CVSS 7.3
CVE-2023-1038 MEDIUM
Online Reviewer Management System 1.0 - SQL Injection via questions-view.php id Parameter
CVSS 6.3
CVE-2023-1037 HIGH
Dental Clinic Appointment Reservation System 1.0 - SQL Injection via login.php Username Parameter
CVSS 7.3
Details
Vulnerabilities 19,774
Exploit Likelihood High