CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,779 vulnerabilities with CWE-89
CVE-2022-47614
HIGH
MStore API <= 3.9.7 - Unauthenticated SQL Injection
CVSS 7.5
CVE-2022-47593
HIGH
RapidLoad Power-Up for Autoptimize <= 1.6.35 - Authenticated SQL Injection
CVSS 8.5
CVE-2022-47586
HIGH
Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2022-24628
HIGH
AudioCodes Device Manager Express < 7.8.20002.47752 - SQL Injection via IPPhoneFirmwareEdit.php
CVSS 7.2
CVE-2022-24627
CRITICAL
AudioCodes Device Manager Express <7.8.20002.47752 - SQL Injection
CVSS 9.8
CVE-2022-30025
MEDIUM
Credence Analytics iDEAL Wealth and Funds 1.0 - Authenticated SQL Injection via v Parameter
CVSS 6.5
CVE-2022-47984
MEDIUM
IBM InfoSphere Information Server 11.7 - SQL Injection
CVSS 6.3
CVE-2022-4118
CRITICAL
Bitcoin / AltCoin Payment Gateway for WooCommerce < 1.7.1 - Authenticated SQL Injection
CVSS 9.8
CVE-2022-4259
HIGH
Nozomi Networks CMC and Guardian < 22.5.2 - Authenticated SQL Injection via Alerts Controller
CVSS 8.8
CVE-2022-45030
HIGH
rConfig 3.9.7 - SQL Injection via Command Parameter in ajaxCompareGetCmdDates
CVSS 8.8
CVE-2022-47605
MEDIUM
Custom 404 Pro <= 3.7.0 - Authenticated SQL Injection
CVSS 6.4
CVE-2022-27485
MEDIUM
FortiSandbox 3.0.x-3.2.3, 4.0.0-4.0.2, 4.2.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2022-31890
CRITICAL
osTicket-plugins audit_log < 2022-04-21 - SQL Injection via order Parameter in getOrder Function
CVSS 9.8
CVE-2022-4935
HIGH
WCFM Marketplace < 3.4.12 - Authenticated Missing Authorization via AJAX Actions
CVSS 8.8
CVE-2022-38923
CRITICAL
BluePage CMS < 3.9 - SQL Injection via User-Agent Header
CVSS 9.8
CVE-2022-38922
CRITICAL
BluePage CMS < 3.9 - SQL Injection via Users-Cookie-Settings Token
CVSS 9.8
CVE-2022-46021
HIGH
x-man 1.0 - SQL Injection
CVSS 7.5
CVE-2022-45355
HIGH
ThimPress WP Pipes <= 1.33 - Authenticated SQL Injection
CVSS 8.2
CVE-2022-42429
HIGH
Centreon < 21.04.19 - Authenticated SQL Injection via Poller Broker Configuration
CVSS 8.8
CVE-2022-42428
HIGH
Centreon < 21.04.19 - Authenticated SQL Injection via Poller Broker Configuration
CVSS 8.8
CVE-2022-42427
HIGH
Centreon < 21.10.11 - Authenticated SQL Injection via Contact Groups Configuration
CVSS 8.8
CVE-2022-42426
HIGH
Centreon < 21.04.19 - Authenticated SQL Injection via Poller Broker Configuration
CVSS 8.8
CVE-2022-42425
HIGH
Centreon < 21.04.19 - Authenticated SQL Injection via Poller Broker Configuration
CVSS 8.8
CVE-2022-42424
HIGH
Centreon < 21.04.19 - Authenticated SQL Injection via Poller Broker Configuration
CVSS 8.8
CVE-2022-36979
CRITICAL
Ivanti Avalanche 6.3.2.3490-<6.3.4 - Authenticated SQL Injection via AvalancheDaoSupport Class
CVSS 9.8
Details
Vulnerabilities
19,779
Exploit Likelihood
High