CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,779 vulnerabilities with CWE-89
CVE-2022-36976
CRITICAL
Ivanti Avalanche 6.3.2.3490-6.3.4 - SQL Injection via GroupDaoImpl
CVSS 9.8
CVE-2022-36975
CRITICAL
Ivanti Avalanche 6.3.2.3490-<6.3.4 - Authentication Bypass via SQL Injection in ProfileDaoImpl
CVSS 9.8
CVE-2022-36973
HIGH
Ivanti Avalanche 6.3.2.3490-6.3.4 - Authenticated SQL Injection via ProfileDaoImpl
CVSS 8.8
CVE-2022-36972
CRITICAL
Ivanti Avalanche 6.3.2.3490-6.3.4 - SQL Injection via ProfileDaoImpl
CVSS 9.8
CVE-2022-4933
MEDIUM
dolibarr_module_quicksupplierprice < 1.1.7 - SQL Injection via upatePrice Function
CVSS 6.3
CVE-2022-44580
CRITICAL
RichPlugins Plugin for Google Reviews <= 2.2.3 - SQL Injection
CVSS 9.1
CVE-2022-38074
HIGH
VeronaLabs WP Statistics <= 13.2.10 - SQL Injection
CVSS 7.1
CVE-2022-3760
CRITICAL
Mia Technology Mia-Med < 1.0.0.58 - SQL Injection
CVSS 9.8
CVE-2022-46501
CRITICAL
Accruent LLC Maintenance Connection <2022.2 - SQL Injection
CVSS 9.8
CVE-2022-34909
HIGH
aremis_4_nomads < 1.5.1 - SQL Injection
CVSS 7.7
CVE-2022-2504
CRITICAL
SDD-Baro < 2.8.432 - SQL Injection
CVSS 9.8
CVE-2022-48149
CRITICAL
Online Student Admission System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2022-45677
CRITICAL
Tution Management System - SQL Injection via Email Parameter
CVSS 9.8
CVE-2022-45564
CRITICAL
znfit Home improvement ERP management system V50_20220207 v42 - SQL Injection via userCode Parameter
CVSS 9.8
CVE-2022-40032
CRITICAL
Simple Task Managing System 1.0 - SQL Injection via login.php Username and Password Parameters
CVSS 9.8
CVE-2022-40347
CRITICAL
Intern Record System 1.0 - SQL Injection via Phone/Email/DeptType/Name Parameters
CVSS 9.8
CVE-2022-38868
HIGH
Ehoney 2.0.0 - SQL Injection in models/protocol.go and models/images.go
CVSS 7.2
CVE-2022-38867
HIGH
rttys 4.0.0-4.0.2 and 4.4.x - SQL Injection in api.go
CVSS 8.8
CVE-2022-45962
MEDIUM
os4ed openSIS < 8.0 - SQL Injection via CalendarModal.php
CVSS 6.5
CVE-2022-4546
HIGH
Mapwiz WordPress <1.0.1 - SQL Injection
CVSS 7.2
CVE-2022-4445
CRITICAL
FL3R FeelBox < 8.1 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-4557
CRITICAL
Group Arge Energy and Control Systems Smartpower Web <23.01.01 - SQ...
CVSS 9.8
CVE-2022-45090
HIGH
Group Arge Energy and Control Systems Smartpower Web < 23.01.01 - SQL Injection
CVSS 8.8
CVE-2022-45089
HIGH
Group Arge Energy and Control Systems Smartpower Web < 23.01.01 - SQL Injection
CVSS 8.8
CVE-2022-41731
HIGH
IBM Watson Knowledge Catalog on Cloud Pak for Data <4.5.0 - SQL Inj...
CVSS 8.6
Details
Vulnerabilities
19,779
Exploit Likelihood
High