CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,779 vulnerabilities with CWE-89
CVE-2022-46808
HIGH
ARMember < 3.4.11 - SQL Injection
CVSS 8.2
CVE-2022-45805
HIGH
Paytm Payment Gateway < 2.7.3 - Authenticated SQL Injection
CVSS 8.2
CVE-2022-47588
MEDIUM
Simple Photo Gallery < 1.8.1 - SQL Injection
CVSS 6.7
CVE-2022-4290
HIGH
Cyr to Lat < 3.7 - Authenticated SQL Injection via ctl_sanitize_title Function
CVSS 8.8
CVE-2022-36276
CRITICAL
TCMAN GIM 8.0.1 - SQL Injection via SqlWhere Parameter in BuscarESM Function
CVSS 9.9
CVE-2022-48604
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Logging Export Feature
CVSS 8.8
CVE-2022-48603
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Message Viewer Iframe
CVSS 8.8
CVE-2022-48602
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Message Viewer Print Feature
CVSS 8.8
CVE-2022-48601
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Network Print Report Feature
CVSS 8.8
CVE-2022-48600
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection in Notes View Feature
CVSS 8.8
CVE-2022-48599
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Reporter Events Type Feature
CVSS 8.8
CVE-2022-48598
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Reporter Events Type Date Feature
CVSS 8.8
CVE-2022-48597
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Event Report Feature
CVSS 8.8
CVE-2022-48596
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Queue Watchers Feature
CVSS 8.8
CVE-2022-48595
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Template Watchers Feature
CVSS 8.8
CVE-2022-48594
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Watchers Email Feature
CVSS 8.8
CVE-2022-48593
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Topology Data Service
CVSS 8.8
CVE-2022-48592
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Vendor Country Parameter
CVSS 8.8
CVE-2022-48591
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Vendor State Parameter
CVSS 8.8
CVE-2022-48590
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Admin Dynamic App MIB Errors Feature
CVSS 8.8
CVE-2022-48589
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection in Reporting Job Editor
CVSS 8.8
CVE-2022-48588
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Schedule Editor Decoupled Feature
CVSS 8.8
CVE-2022-48587
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Schedule Editor
CVSS 8.8
CVE-2022-48586
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via JSON Walker Feature
CVSS 8.8
CVE-2022-48585
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection in Admin Brand Portal
CVSS 8.8
Details
Vulnerabilities
19,779
Exploit Likelihood
High