CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,774 vulnerabilities with CWE-89
CVE-2023-22794
HIGH
ActiveRecord <6.0.6.1, 6.1.7.1, 7.0.4.1 - SQL Injection via Insufficient Comment Sanitization
CVSS 8.8
CVE-2023-0758
MEDIUM
JFinalOA 1.0.2 - SQL Injection via SysOrg.java id Parameter
CVSS 6.3
CVE-2023-0707
MEDIUM
Medical Certificate Generator App 1.0 - SQL Injection via delete_record Function
CVSS 5.5
CVE-2023-0706
MEDIUM
Medical Certificate Generator App 1.0 - SQL Injection via manage_record.php id Parameter
CVSS 6.3
CVE-2023-0686
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via cart_id Parameter
CVSS 5.0
CVE-2023-24201
CRITICAL
Raffle Draw System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24200
CRITICAL
Raffle Draw System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24199
CRITICAL
Raffle Draw System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-24198
CRITICAL
Raffle Draw System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-0679
MEDIUM
Canteen Management System 1.0 - SQL Injection via removeUser.php id Parameter
CVSS 5.0
CVE-2023-0675
MEDIUM
Calendar Event Management System 2.3.0 - SQL Injection via Start/End Argument
CVSS 6.3
CVE-2023-0673
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via id Parameter in view_product.php
CVSS 5.0
CVE-2023-0663
HIGH
Calendar Event Management System 2.3.0 - SQL Injection via Login Page Name/Password Parameters
CVSS 7.3
CVE-2023-24956
HIGH
Forget Heart Message Box 1.1 - SQL Injection via Name Parameter
CVSS 8.8
CVE-2023-24241
CRITICAL
Forget Heart Message Box v1.1 - SQL Injection
CVSS 9.8
CVE-2023-24163
CRITICAL
Dromara hutool <5.8.21 - SQL Injection
CVSS 9.8
CVE-2023-22900
CRITICAL
Efence - Unauthenticated SQL Injection via Login Function
CVSS 9.8
CVE-2023-22324
MEDIUM
CONPROSYS HMI System <3.5.0 - SQL Injection
CVSS 6.5
CVE-2023-0570
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via booking_id Parameter
CVSS 6.3
CVE-2023-0562
HIGH
PHPGurukul Bank Locker Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2023-0561
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via /user/s.php id Parameter
CVSS 6.3
CVE-2023-0560
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/practice_pdf.php id Parameter
CVSS 4.7
CVE-2023-0534
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/expense_report.php to_date Parameter
CVSS 4.7
CVE-2023-0533
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via from_date Parameter
CVSS 4.7
CVE-2023-0532
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/disapprove_user.php id Parameter
CVSS 4.7
Details
Vulnerabilities
19,774
Exploit Likelihood
High