CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,779 vulnerabilities with CWE-89
CVE-2022-36976 CRITICAL
Ivanti Avalanche 6.3.2.3490-6.3.4 - SQL Injection via GroupDaoImpl
CVSS 9.8
CVE-2022-36975 CRITICAL
Ivanti Avalanche 6.3.2.3490-<6.3.4 - Authentication Bypass via SQL Injection in ProfileDaoImpl
CVSS 9.8
CVE-2022-36973 HIGH
Ivanti Avalanche 6.3.2.3490-6.3.4 - Authenticated SQL Injection via ProfileDaoImpl
CVSS 8.8
CVE-2022-36972 CRITICAL
Ivanti Avalanche 6.3.2.3490-6.3.4 - SQL Injection via ProfileDaoImpl
CVSS 9.8
CVE-2022-4933 MEDIUM
dolibarr_module_quicksupplierprice < 1.1.7 - SQL Injection via upatePrice Function
CVSS 6.3
CVE-2022-44580 CRITICAL
RichPlugins Plugin for Google Reviews <= 2.2.3 - SQL Injection
CVSS 9.1
CVE-2022-38074 HIGH
VeronaLabs WP Statistics <= 13.2.10 - SQL Injection
CVSS 7.1
CVE-2022-3760 CRITICAL
Mia Technology Mia-Med < 1.0.0.58 - SQL Injection
CVSS 9.8
CVE-2022-46501 CRITICAL
Accruent LLC Maintenance Connection <2022.2 - SQL Injection
CVSS 9.8
CVE-2022-34909 HIGH
aremis_4_nomads < 1.5.1 - SQL Injection
CVSS 7.7
CVE-2022-2504 CRITICAL
SDD-Baro < 2.8.432 - SQL Injection
CVSS 9.8
CVE-2022-48149 CRITICAL
Online Student Admission System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2022-45677 CRITICAL
Tution Management System - SQL Injection via Email Parameter
CVSS 9.8
CVE-2022-45564 CRITICAL
znfit Home improvement ERP management system V50_20220207 v42 - SQL Injection via userCode Parameter
CVSS 9.8
CVE-2022-40032 CRITICAL
Simple Task Managing System 1.0 - SQL Injection via login.php Username and Password Parameters
CVSS 9.8
CVE-2022-40347 CRITICAL
Intern Record System 1.0 - SQL Injection via Phone/Email/DeptType/Name Parameters
CVSS 9.8
CVE-2022-38868 HIGH
Ehoney 2.0.0 - SQL Injection in models/protocol.go and models/images.go
CVSS 7.2
CVE-2022-38867 HIGH
rttys 4.0.0-4.0.2 and 4.4.x - SQL Injection in api.go
CVSS 8.8
CVE-2022-45962 MEDIUM
os4ed openSIS < 8.0 - SQL Injection via CalendarModal.php
CVSS 6.5
CVE-2022-4546 HIGH
Mapwiz WordPress <1.0.1 - SQL Injection
CVSS 7.2
CVE-2022-4445 CRITICAL
FL3R FeelBox < 8.1 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-4557 CRITICAL
Group Arge Energy and Control Systems Smartpower Web <23.01.01 - SQ...
CVSS 9.8
CVE-2022-45090 HIGH
Group Arge Energy and Control Systems Smartpower Web < 23.01.01 - SQL Injection
CVSS 8.8
CVE-2022-45089 HIGH
Group Arge Energy and Control Systems Smartpower Web < 23.01.01 - SQL Injection
CVSS 8.8
CVE-2022-41731 HIGH
IBM Watson Knowledge Catalog on Cloud Pak for Data <4.5.0 - SQL Inj...
CVSS 8.6
Details
Vulnerabilities 19,779
Exploit Likelihood High