CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,774 vulnerabilities with CWE-89
CVE-2023-0913
MEDIUM
Auto Dealer Management System 1.0 - SQL Injection via Sell Vehicle ID Parameter
CVSS 4.7
CVE-2023-0912
MEDIUM
Auto Dealer Management System 1.0 - SQL Injection via id Parameter in view_transaction Page
CVSS 4.7
CVE-2023-0910
MEDIUM
Online Pizza Ordering System 1.0 - SQL Injection via view_prod.php ID Parameter
CVSS 6.3
CVE-2023-0904
MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via task_id Parameter
CVSS 6.3
CVE-2023-0903
MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via edit-task.php task_id Parameter
CVSS 5.0
CVE-2023-23279
CRITICAL
Canteen Management System 1.0 - SQL Injection via Order Report Endpoint
CVSS 9.8
CVE-2023-26020
MEDIUM
CrafterCMS 3.1.0-3.1.26 and 4.0.0-4.0.1 - SQL Injection
CVSS 5.7
CVE-2023-0895
HIGH
WP Coder < 2.5.3 - Authenticated Time-Based SQL Injection via ID Parameter
CVSS 7.2
CVE-2023-23007
HIGH
ESPCMS P8.21120101 - Authenticated SQL Injection in Member Add Function
CVSS 7.2
CVE-2023-0883
MEDIUM
Online Pizza Ordering System 1.0 - SQL Injection via ID Parameter in index.php
CVSS 6.3
CVE-2023-24221
CRITICAL
LuckyframeWEB v3.5 - SQL Injection via dataScope Parameter
CVSS 9.8
CVE-2023-24220
CRITICAL
LuckyframeWEB v3.5 - SQL Injection via dataScope Parameter
CVSS 9.8
CVE-2023-24219
CRITICAL
LuckyframeWEB v3.5 - SQL Injection via dataScope Parameter
CVSS 9.8
CVE-2023-23459
CRITICAL
Priority < 22.1 - SQL Injection
CVSS 9.1
CVE-2023-24647
HIGH
Food Ordering System v2.0 - SQL Injection
CVSS 7.5
CVE-2023-24084
CRITICAL
ChiKoi v1.0 - SQL Injection via load_file Function
CVSS 9.8
CVE-2023-23948
MEDIUM
ownCloud Android app <3.0 - SQL Injection
CVSS 6.2
CVE-2023-0784
HIGH
Best Online News Portal 1.0 - SQL Injection via Login Page Username Parameter
CVSS 7.3
CVE-2023-0781
MEDIUM
Canteen Management System 1.0 - SQL Injection via removeOrder.php id Parameter
CVSS 6.3
CVE-2023-23163
CRITICAL
Art Gallery Management System Project 1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2023-23162
CRITICAL
Art Gallery Management System Project 1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2023-0774
HIGH
Medical Certificate Generator App 1.0 - SQL Injection via Lastname Parameter
CVSS 7.3
CVE-2023-0771
HIGH
ampache < 5.5.7 - SQL Injection
CVSS 8.8
CVE-2023-24685
HIGH
ChurchCRM < 4.5.3 - SQL Injection via Event Attendance Reports Event Parameter
CVSS 7.2
CVE-2023-24684
HIGH
ChurchCRM < 4.5.3 - SQL Injection via EID Parameter at GetText.php
CVSS 7.2
Details
Vulnerabilities
19,774
Exploit Likelihood
High