CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,774 vulnerabilities with CWE-89
CVE-2023-26550
CRITICAL
BMC Control-M <9.0.20.214 - SQL Injection
CVSS 9.8
CVE-2023-1035
MEDIUM
Clinics Patient Management System 1.0 - SQL Injection via update_user.php user_id Parameter
CVSS 6.3
CVE-2023-26037
HIGH
ZoneMinder <1.36.33, <1.37.33 - SQL Injection
CVSS 8.9
CVE-2023-26034
CRITICAL
ZoneMinder <1.36.33, <1.37.33 - SQL Injection
CVSS 9.6
CVE-2023-26032
HIGH
ZoneMinder <1.36.33-1.37.33 - SQL Injection
CVSS 8.9
CVE-2023-26033
HIGH
Gentoo soko < 1.0.1 - SQL Injection via search_history Cookie
CVSS 7.5
CVE-2023-0997
HIGH
Moosikay E-Commerce System 1.0 - SQL Injection via Order POST Parameter
CVSS 7.3
CVE-2023-26325
HIGH
ReviewX WordPress Plugin - Authenticated SQL Injection
CVSS 8.8
CVE-2023-0986
MEDIUM
Sales Tracker Management System 1.0 - SQL Injection via Edit User ID Parameter
CVSS 6.3
CVE-2023-0982
MEDIUM
Yoga Class Registration System 1.0 - SQL Injection via Add Class Entry id Parameter
CVSS 6.3
CVE-2023-0981
MEDIUM
Yoga Class Registration System 1.0 - SQL Injection via Delete User ID Parameter
CVSS 6.3
CVE-2023-0980
MEDIUM
Yoga Class Registration System 1.0 - SQL Injection via Status Update Handler
CVSS 6.3
CVE-2023-0939
CRITICAL
Online Services Software < 1.17 - SQL Injection
CVSS 9.8
CVE-2023-24812
HIGH
Misskey < 13.3.3 - SQL Injection via Notes Search by Tag API
CVSS 8.8
CVE-2023-25813
CRITICAL
Sequelize < 6.19.1 - SQL Injection via Replacements
CVSS 10.0
CVE-2023-0964
MEDIUM
Sales Tracker Management System 1.0 - SQL Injection via admin/products/view_product.php id Parameter
CVSS 5.0
CVE-2023-0962
MEDIUM
Music Gallery Site 1.0 - SQL Injection via Master.php GET Request Handler
CVSS 6.3
CVE-2023-0961
MEDIUM
Music Gallery Site 1.0 - SQL Injection via view_music_details.php id Parameter
CVSS 6.3
CVE-2023-25157
CRITICAL
GeoServer < 2.18.7 and 2.18.7-2.21.4 - SQL Injection via OGC Filter and CQL Expressions
CVSS 9.8
CVE-2023-25158
CRITICAL
GeoTools < 24.7 and 28.0-28.2 - SQL Injection via OGC Filter Execution
CVSS 9.8
CVE-2023-0946
MEDIUM
Best POS Management System 1.0 - SQL Injection via billing/index.php id Parameter
CVSS 6.3
CVE-2023-0938
MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection via cid Parameter in music_list.php
CVSS 6.3
CVE-2023-26093
CRITICAL
Liima < 1.17.28 - SQL Injection via colToSort in Deployment Filter
CVSS 9.8
CVE-2023-0917
HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Password Parameter
CVSS 7.3
CVE-2023-0915
MEDIUM
Auto Dealer Management System 1.0 - SQL Injection via Manage User ID Parameter
CVSS 6.3
Details
Vulnerabilities
19,774
Exploit Likelihood
High