CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,774 vulnerabilities with CWE-89
CVE-2023-22794 HIGH
ActiveRecord <6.0.6.1, 6.1.7.1, 7.0.4.1 - SQL Injection via Insufficient Comment Sanitization
CVSS 8.8
CVE-2023-0758 MEDIUM
JFinalOA 1.0.2 - SQL Injection via SysOrg.java id Parameter
CVSS 6.3
CVE-2023-0707 MEDIUM
Medical Certificate Generator App 1.0 - SQL Injection via delete_record Function
CVSS 5.5
CVE-2023-0706 MEDIUM
Medical Certificate Generator App 1.0 - SQL Injection via manage_record.php id Parameter
CVSS 6.3
CVE-2023-0686 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via cart_id Parameter
CVSS 5.0
CVE-2023-24201 CRITICAL
Raffle Draw System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24200 CRITICAL
Raffle Draw System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24199 CRITICAL
Raffle Draw System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24198 CRITICAL
Raffle Draw System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-0679 MEDIUM
Canteen Management System 1.0 - SQL Injection via removeUser.php id Parameter
CVSS 5.0
CVE-2023-0675 MEDIUM
Calendar Event Management System 2.3.0 - SQL Injection via Start/End Argument
CVSS 6.3
CVE-2023-0673 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via id Parameter in view_product.php
CVSS 5.0
CVE-2023-0663 HIGH
Calendar Event Management System 2.3.0 - SQL Injection via Login Page Name/Password Parameters
CVSS 7.3
CVE-2023-24956 HIGH
Forget Heart Message Box 1.1 - SQL Injection via Name Parameter
CVSS 8.8
CVE-2023-24241 CRITICAL
Forget Heart Message Box v1.1 - SQL Injection
CVSS 9.8
CVE-2023-24163 CRITICAL
Dromara hutool <5.8.21 - SQL Injection
CVSS 9.8
CVE-2023-22900 CRITICAL
Efence - Unauthenticated SQL Injection via Login Function
CVSS 9.8
CVE-2023-22324 MEDIUM
CONPROSYS HMI System <3.5.0 - SQL Injection
CVSS 6.5
CVE-2023-0570 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via booking_id Parameter
CVSS 6.3
CVE-2023-0562 HIGH
PHPGurukul Bank Locker Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2023-0561 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via /user/s.php id Parameter
CVSS 6.3
CVE-2023-0560 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/practice_pdf.php id Parameter
CVSS 4.7
CVE-2023-0534 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/expense_report.php to_date Parameter
CVSS 4.7
CVE-2023-0533 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via from_date Parameter
CVSS 4.7
CVE-2023-0532 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/disapprove_user.php id Parameter
CVSS 4.7
Details
Vulnerabilities 19,774
Exploit Likelihood High