CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,774 vulnerabilities with CWE-89
CVE-2023-26550 CRITICAL
BMC Control-M <9.0.20.214 - SQL Injection
CVSS 9.8
CVE-2023-1035 MEDIUM
Clinics Patient Management System 1.0 - SQL Injection via update_user.php user_id Parameter
CVSS 6.3
CVE-2023-26037 HIGH
ZoneMinder <1.36.33, <1.37.33 - SQL Injection
CVSS 8.9
CVE-2023-26034 CRITICAL
ZoneMinder <1.36.33, <1.37.33 - SQL Injection
CVSS 9.6
CVE-2023-26032 HIGH
ZoneMinder <1.36.33-1.37.33 - SQL Injection
CVSS 8.9
CVE-2023-26033 HIGH
Gentoo soko < 1.0.1 - SQL Injection via search_history Cookie
CVSS 7.5
CVE-2023-0997 HIGH
Moosikay E-Commerce System 1.0 - SQL Injection via Order POST Parameter
CVSS 7.3
CVE-2023-26325 HIGH
ReviewX WordPress Plugin - Authenticated SQL Injection
CVSS 8.8
CVE-2023-0986 MEDIUM
Sales Tracker Management System 1.0 - SQL Injection via Edit User ID Parameter
CVSS 6.3
CVE-2023-0982 MEDIUM
Yoga Class Registration System 1.0 - SQL Injection via Add Class Entry id Parameter
CVSS 6.3
CVE-2023-0981 MEDIUM
Yoga Class Registration System 1.0 - SQL Injection via Delete User ID Parameter
CVSS 6.3
CVE-2023-0980 MEDIUM
Yoga Class Registration System 1.0 - SQL Injection via Status Update Handler
CVSS 6.3
CVE-2023-0939 CRITICAL
Online Services Software < 1.17 - SQL Injection
CVSS 9.8
CVE-2023-24812 HIGH
Misskey < 13.3.3 - SQL Injection via Notes Search by Tag API
CVSS 8.8
CVE-2023-25813 CRITICAL
Sequelize < 6.19.1 - SQL Injection via Replacements
CVSS 10.0
CVE-2023-0964 MEDIUM
Sales Tracker Management System 1.0 - SQL Injection via admin/products/view_product.php id Parameter
CVSS 5.0
CVE-2023-0962 MEDIUM
Music Gallery Site 1.0 - SQL Injection via Master.php GET Request Handler
CVSS 6.3
CVE-2023-0961 MEDIUM
Music Gallery Site 1.0 - SQL Injection via view_music_details.php id Parameter
CVSS 6.3
CVE-2023-25157 CRITICAL
GeoServer < 2.18.7 and 2.18.7-2.21.4 - SQL Injection via OGC Filter and CQL Expressions
CVSS 9.8
CVE-2023-25158 CRITICAL
GeoTools < 24.7 and 28.0-28.2 - SQL Injection via OGC Filter Execution
CVSS 9.8
CVE-2023-0946 MEDIUM
Best POS Management System 1.0 - SQL Injection via billing/index.php id Parameter
CVSS 6.3
CVE-2023-0938 MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection via cid Parameter in music_list.php
CVSS 6.3
CVE-2023-26093 CRITICAL
Liima < 1.17.28 - SQL Injection via colToSort in Deployment Filter
CVSS 9.8
CVE-2023-0917 HIGH
Simple Customer Relationship Management System 1.0 - SQL Injection via Password Parameter
CVSS 7.3
CVE-2023-0915 MEDIUM
Auto Dealer Management System 1.0 - SQL Injection via Manage User ID Parameter
CVSS 6.3
Details
Vulnerabilities 19,774
Exploit Likelihood High