CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,774 vulnerabilities with CWE-89
CVE-2023-25432
HIGH
Online Reviewer Management System 1.0 - SQL Injection via course-update.php
CVSS 7.2
CVE-2023-24258
CRITICAL
SPIP < 4.1.5 - SQL Injection via _oups Parameter
CVSS 9.8
CVE-2023-24253
CRITICAL
Domotica Labs srl Ikon Server <2.8.6 - SQL Injection
CVSS 9.8
CVE-2023-24656
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Create Ticket Subject Parameter
CVSS 8.8
CVE-2023-24654
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Request a Quote Name Parameter
CVSS 8.8
CVE-2023-24653
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Change Password oldpass Parameter
CVSS 8.8
CVE-2023-24652
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Create Ticket Description Parameter
CVSS 8.8
CVE-2023-24364
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Admin Panel Username Parameter
CVSS 8.8
CVE-2023-23156
CRITICAL
Art Gallery Management System Project in PHP 1.0 - SQL Injection via pid Parameter
CVSS 9.8
CVE-2023-23155
CRITICAL
Art Gallery Management System Project in PHP 1.0 - SQL Injection via Admin Login Username Parameter
CVSS 9.8
CVE-2023-0487
HIGH
My Sticky Elements < 2.0.9 - Authenticated SQL Injection via Message Deletion Parameter
CVSS 7.2
CVE-2023-24206
CRITICAL
davinci v0.3.0-rc - SQL Injection via copyDisplay Function
CVSS 9.8
CVE-2023-1063
MEDIUM
Doctors Appointment System 1.0 - SQL Injection via /admin/patient.php Search Parameter
CVSS 6.3
CVE-2023-1062
MEDIUM
Doctors Appointment System 1.0 - SQL Injection via Email Parameter in Admin Add-New Endpoint
CVSS 6.3
CVE-2023-1061
MEDIUM
Doctors Appointment System 1.0 - SQL Injection via Email Parameter in Edit Doctor Endpoint
CVSS 6.3
CVE-2023-1059
MEDIUM
Doctors Appointment System 1.0 - SQL Injection via search/id Parameter
CVSS 6.3
CVE-2023-1058
HIGH
Doctors Appointment System 1.0 - SQL Injection via create-account.php newemail Parameter
CVSS 7.3
CVE-2023-1057
MEDIUM
Doctors Appointment System 1.0 - SQL Injection via login.php usermail Parameter
CVSS 5.5
CVE-2023-1056
MEDIUM
Doctors Appointment System 1.0 - SQL Injection via search12 Parameter
CVSS 6.3
CVE-2023-1054
MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection via /admin/?page=user/manage id Parameter
CVSS 4.7
CVE-2023-1053
MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection via view_category.php id Parameter
CVSS 4.7
CVE-2023-1040
MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via tracking/admin/add_acc.php id Parameter
CVSS 6.3
CVE-2023-1039
HIGH
Class and Exam Timetabling System 1.0 - SQL Injection via POST Parameter Handler
CVSS 7.3
CVE-2023-1038
MEDIUM
Online Reviewer Management System 1.0 - SQL Injection via questions-view.php id Parameter
CVSS 6.3
CVE-2023-1037
HIGH
Dental Clinic Appointment Reservation System 1.0 - SQL Injection via login.php Username Parameter
CVSS 7.3
Details
Vulnerabilities
19,774
Exploit Likelihood
High