CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,781 vulnerabilities with CWE-89
CVE-2022-45089
HIGH
Group Arge Energy and Control Systems Smartpower Web < 23.01.01 - SQL Injection
CVSS 8.8
CVE-2022-41731
HIGH
IBM Watson Knowledge Catalog on Cloud Pak for Data <4.5.0 - SQL Inj...
CVSS 8.6
CVE-2022-45526
CRITICAL
Future-Depth Institutional Management Website 1.0 - SQL Injection via ad Parameter
CVSS 9.8
CVE-2022-45589
HIGH
Talend ESB Runtime < 7.3.1-r2022-09-rt - SQL Injection in Provisioning Service
CVSS 7.2
CVE-2022-45786
HIGH
Apache AGE < 1.1.0 - SQL Injection via Cypher Function Parameterization Bypass
CVSS 8.1
CVE-2022-48114
CRITICAL
RuoYi < 4.7.5 - SQL Injection via /tool/gen/createTable
CVSS 9.8
CVE-2022-48082
CRITICAL
Easyone CRM 5.50.02 - SQL Injection via SearchTag text Parameter
CVSS 9.8
CVE-2022-46965
HIGH
PrestaShop module <1.7.1 - SQL Injection
CVSS 8.1
CVE-2022-47770
CRITICAL
Serenissima Informatica Fast Checkin v1.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-45297
CRITICAL
EQ < 2.2.0 - SQL Injection
CVSS 9.8
CVE-2022-47780
CRITICAL
Bangresto 1.0 - SQL Injection via itemID Parameter
CVSS 9.8
CVE-2022-27596
CRITICAL
QNAP QTS 5.0.1-5.0.1.2234 and QuTS hero h5.0.1-h5.0.1.2248 - SQL Injection
CVSS 9.8
CVE-2022-48011
CRITICAL
opencats 0.9.7 - SQL Injection via Import viewerrors importID Parameter
CVSS 9.8
CVE-2022-44298
CRITICAL
SiteServer CMS 7.1.3 - SQL Injection
CVSS 9.8
CVE-2022-46966
CRITICAL
Revenue Collection System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-46999
CRITICAL
tuzicms 2.0.6 - SQL Injection via UserController
CVSS 9.8
CVE-2022-45820
CRITICAL
LearnPress - WordPress LMS Plugin <= 4.1.7.3.2 - SQL Injection
CVSS 9.1
CVE-2022-45808
CRITICAL
LearnPress - WordPress LMS Plugin <= 4.1.7.3.2 - SQL Injection
CVSS 9.9
CVE-2022-44297
CRITICAL
SiteServer CMS 7.1.3 - SQL Injection
CVSS 9.8
CVE-2022-41142
HIGH
Centreon - Authenticated SQL Injection via Poller Resource Configuration
CVSS 8.8
CVE-2022-4230
HIGH
WP Statistics < 13.2.9 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-48152
CRITICAL
RemoteClinic 2.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-48120
CRITICAL
Hospital Management System < 2021-03-13 - SQL Injection via Contact and Doctor Parameters
CVSS 9.8
CVE-2022-46887
CRITICAL
NexusPHP < 1.7.33 - SQL Injection via conuser[] Parameter
CVSS 9.8
CVE-2022-47745
HIGH
ZenTao 16.4-18.0.beta1 - Authenticated SQL Injection via importNotice Function
CVSS 8.8
Details
Vulnerabilities
19,781
Exploit Likelihood
High