CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,779 vulnerabilities with CWE-89
CVE-2022-46808 HIGH
ARMember < 3.4.11 - SQL Injection
CVSS 8.2
CVE-2022-45805 HIGH
Paytm Payment Gateway < 2.7.3 - Authenticated SQL Injection
CVSS 8.2
CVE-2022-47588 MEDIUM
Simple Photo Gallery < 1.8.1 - SQL Injection
CVSS 6.7
CVE-2022-4290 HIGH
Cyr to Lat < 3.7 - Authenticated SQL Injection via ctl_sanitize_title Function
CVSS 8.8
CVE-2022-36276 CRITICAL
TCMAN GIM 8.0.1 - SQL Injection via SqlWhere Parameter in BuscarESM Function
CVSS 9.9
CVE-2022-48604 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Logging Export Feature
CVSS 8.8
CVE-2022-48603 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Message Viewer Iframe
CVSS 8.8
CVE-2022-48602 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Message Viewer Print Feature
CVSS 8.8
CVE-2022-48601 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Network Print Report Feature
CVSS 8.8
CVE-2022-48600 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection in Notes View Feature
CVSS 8.8
CVE-2022-48599 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Reporter Events Type Feature
CVSS 8.8
CVE-2022-48598 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Reporter Events Type Date Feature
CVSS 8.8
CVE-2022-48597 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Event Report Feature
CVSS 8.8
CVE-2022-48596 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Queue Watchers Feature
CVSS 8.8
CVE-2022-48595 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Template Watchers Feature
CVSS 8.8
CVE-2022-48594 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Watchers Email Feature
CVSS 8.8
CVE-2022-48593 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Topology Data Service
CVSS 8.8
CVE-2022-48592 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Vendor Country Parameter
CVSS 8.8
CVE-2022-48591 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Vendor State Parameter
CVSS 8.8
CVE-2022-48590 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Admin Dynamic App MIB Errors Feature
CVSS 8.8
CVE-2022-48589 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection in Reporting Job Editor
CVSS 8.8
CVE-2022-48588 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Schedule Editor Decoupled Feature
CVSS 8.8
CVE-2022-48587 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Schedule Editor
CVSS 8.8
CVE-2022-48586 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via JSON Walker Feature
CVSS 8.8
CVE-2022-48585 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection in Admin Brand Portal
CVSS 8.8
Details
Vulnerabilities 19,779
Exploit Likelihood High