CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,779 vulnerabilities with CWE-89
CVE-2022-28132 HIGH
T-Soft E-Commerce 4 - SQL Injection
CVSS 7.2
CVE-2022-47151 HIGH
JS Help Desk <2.7.1 - SQL Injection
CVSS 8.6
CVE-2022-43216 CRITICAL
AbrhilSoft Employee's Portal <5.6.2 - SQL Injection
CVSS 9.1
CVE-2022-4963 MEDIUM
Folio Spring Module Core < 2.0.0 - SQL Injection in Schema Name Handler
CVSS 5.5
CVE-2022-46499 HIGH
Hospital Management System 1.0 - SQL Injection
CVSS 8.8
CVE-2022-46498 LOW
Hospital Management System 1.0 - SQL Injection
CVSS 2.7
CVE-2022-46497 HIGH
Hospital Management System 1.0 - SQL Injection
CVSS 8.1
CVE-2022-43842 HIGH
IBM Aspera Console <3.4.2 - SQL Injection
CVSS 8.6
CVE-2022-47072 CRITICAL
Enterprise Architect <16.0.1605 - SQL Injection
CVSS 9.8
CVE-2022-3764 HIGH
Form Vibes < 1.4.6 - SQL Injection via Delete Entries Parameter
CVSS 7.2
CVE-2022-4961 MEDIUM
Weitong Mall 1.0.0 - SQL Injection via OrderDao.xml sidx/order Parameter
CVSS 5.5
CVE-2022-39822 HIGH
Nokia Network Functions Manager for Transport R19.9 - Authenticated SQL Injection via id or host Parameter
CVSS 8.8
CVE-2022-47532 CRITICAL
FileRun 20220519 - SQL Injection via dir Parameter
CVSS 9.8
CVE-2022-45135 CRITICAL
Apache Cocoon 2.2.0-2.2.9 - SQL Injection
CVSS 9.8
CVE-2022-47432 MEDIUM
Shortcode IMDB < 6.0.8 - SQL Injection
CVSS 6.7
CVE-2022-47430 MEDIUM
The School Management - Education & Learning Management <= 4.1 - SQL Injection
CVSS 6.7
CVE-2022-47428 MEDIUM
WpDevArt Booking calendar, Appointment Booking System <= 3.2.7 - SQL Injection
CVSS 6.7
CVE-2022-47420 MEDIUM
Accessibility Suite by Online ADA < 4.12 - SQL Injection
CVSS 6.4
CVE-2022-46860 HIGH
KaizenCoders Short URL <1.6.4 - SQL Injection
CVSS 8.5
CVE-2022-46849 HIGH
Weblizar Coming Soon Page - SQL Injection
CVSS 7.6
CVE-2022-45373 HIGH
Slimstat Analytics <= 5.0.4 - SQL Injection
CVSS 8.8
CVE-2022-46818 HIGH
Gopi Ramasamy Email <6.2 - SQL Injection
CVSS 8.2
CVE-2022-47445 HIGH
Be POPIA Compliant < 1.2.0 - SQL Injection
CVSS 8.2
CVE-2022-47426 MEDIUM
Neshan Maps < 1.1.4 - SQL Injection
CVSS 6.0
CVE-2022-46859 HIGH
Spiffy Calendar <4.9.1 - SQL Injection
CVSS 8.5
Details
Vulnerabilities 19,779
Exploit Likelihood High