CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,774 vulnerabilities with CWE-89
CVE-2023-0913 MEDIUM
Auto Dealer Management System 1.0 - SQL Injection via Sell Vehicle ID Parameter
CVSS 4.7
CVE-2023-0912 MEDIUM
Auto Dealer Management System 1.0 - SQL Injection via id Parameter in view_transaction Page
CVSS 4.7
CVE-2023-0910 MEDIUM
Online Pizza Ordering System 1.0 - SQL Injection via view_prod.php ID Parameter
CVSS 6.3
CVE-2023-0904 MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via task_id Parameter
CVSS 6.3
CVE-2023-0903 MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via edit-task.php task_id Parameter
CVSS 5.0
CVE-2023-23279 CRITICAL
Canteen Management System 1.0 - SQL Injection via Order Report Endpoint
CVSS 9.8
CVE-2023-26020 MEDIUM
CrafterCMS 3.1.0-3.1.26 and 4.0.0-4.0.1 - SQL Injection
CVSS 5.7
CVE-2023-0895 HIGH
WP Coder < 2.5.3 - Authenticated Time-Based SQL Injection via ID Parameter
CVSS 7.2
CVE-2023-23007 HIGH
ESPCMS P8.21120101 - Authenticated SQL Injection in Member Add Function
CVSS 7.2
CVE-2023-0883 MEDIUM
Online Pizza Ordering System 1.0 - SQL Injection via ID Parameter in index.php
CVSS 6.3
CVE-2023-24221 CRITICAL
LuckyframeWEB v3.5 - SQL Injection via dataScope Parameter
CVSS 9.8
CVE-2023-24220 CRITICAL
LuckyframeWEB v3.5 - SQL Injection via dataScope Parameter
CVSS 9.8
CVE-2023-24219 CRITICAL
LuckyframeWEB v3.5 - SQL Injection via dataScope Parameter
CVSS 9.8
CVE-2023-23459 CRITICAL
Priority < 22.1 - SQL Injection
CVSS 9.1
CVE-2023-24647 HIGH
Food Ordering System v2.0 - SQL Injection
CVSS 7.5
CVE-2023-24084 CRITICAL
ChiKoi v1.0 - SQL Injection via load_file Function
CVSS 9.8
CVE-2023-23948 MEDIUM
ownCloud Android app <3.0 - SQL Injection
CVSS 6.2
CVE-2023-0784 HIGH
Best Online News Portal 1.0 - SQL Injection via Login Page Username Parameter
CVSS 7.3
CVE-2023-0781 MEDIUM
Canteen Management System 1.0 - SQL Injection via removeOrder.php id Parameter
CVSS 6.3
CVE-2023-23163 CRITICAL
Art Gallery Management System Project 1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2023-23162 CRITICAL
Art Gallery Management System Project 1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2023-0774 HIGH
Medical Certificate Generator App 1.0 - SQL Injection via Lastname Parameter
CVSS 7.3
CVE-2023-0771 HIGH
ampache < 5.5.7 - SQL Injection
CVSS 8.8
CVE-2023-24685 HIGH
ChurchCRM < 4.5.3 - SQL Injection via Event Attendance Reports Event Parameter
CVSS 7.2
CVE-2023-24684 HIGH
ChurchCRM < 4.5.3 - SQL Injection via EID Parameter at GetText.php
CVSS 7.2
Details
Vulnerabilities 19,774
Exploit Likelihood High