CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,781 vulnerabilities with CWE-89
CVE-2022-45089 HIGH
Group Arge Energy and Control Systems Smartpower Web < 23.01.01 - SQL Injection
CVSS 8.8
CVE-2022-41731 HIGH
IBM Watson Knowledge Catalog on Cloud Pak for Data <4.5.0 - SQL Inj...
CVSS 8.6
CVE-2022-45526 CRITICAL
Future-Depth Institutional Management Website 1.0 - SQL Injection via ad Parameter
CVSS 9.8
CVE-2022-45589 HIGH
Talend ESB Runtime < 7.3.1-r2022-09-rt - SQL Injection in Provisioning Service
CVSS 7.2
CVE-2022-45786 HIGH
Apache AGE < 1.1.0 - SQL Injection via Cypher Function Parameterization Bypass
CVSS 8.1
CVE-2022-48114 CRITICAL
RuoYi < 4.7.5 - SQL Injection via /tool/gen/createTable
CVSS 9.8
CVE-2022-48082 CRITICAL
Easyone CRM 5.50.02 - SQL Injection via SearchTag text Parameter
CVSS 9.8
CVE-2022-46965 HIGH
PrestaShop module <1.7.1 - SQL Injection
CVSS 8.1
CVE-2022-47770 CRITICAL
Serenissima Informatica Fast Checkin v1.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-45297 CRITICAL
EQ < 2.2.0 - SQL Injection
CVSS 9.8
CVE-2022-47780 CRITICAL
Bangresto 1.0 - SQL Injection via itemID Parameter
CVSS 9.8
CVE-2022-27596 CRITICAL
QNAP QTS 5.0.1-5.0.1.2234 and QuTS hero h5.0.1-h5.0.1.2248 - SQL Injection
CVSS 9.8
CVE-2022-48011 CRITICAL
opencats 0.9.7 - SQL Injection via Import viewerrors importID Parameter
CVSS 9.8
CVE-2022-44298 CRITICAL
SiteServer CMS 7.1.3 - SQL Injection
CVSS 9.8
CVE-2022-46966 CRITICAL
Revenue Collection System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-46999 CRITICAL
tuzicms 2.0.6 - SQL Injection via UserController
CVSS 9.8
CVE-2022-45820 CRITICAL
LearnPress - WordPress LMS Plugin <= 4.1.7.3.2 - SQL Injection
CVSS 9.1
CVE-2022-45808 CRITICAL
LearnPress - WordPress LMS Plugin <= 4.1.7.3.2 - SQL Injection
CVSS 9.9
CVE-2022-44297 CRITICAL
SiteServer CMS 7.1.3 - SQL Injection
CVSS 9.8
CVE-2022-41142 HIGH
Centreon - Authenticated SQL Injection via Poller Resource Configuration
CVSS 8.8
CVE-2022-4230 HIGH
WP Statistics < 13.2.9 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-48152 CRITICAL
RemoteClinic 2.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-48120 CRITICAL
Hospital Management System < 2021-03-13 - SQL Injection via Contact and Doctor Parameters
CVSS 9.8
CVE-2022-46887 CRITICAL
NexusPHP < 1.7.33 - SQL Injection via conuser[] Parameter
CVSS 9.8
CVE-2022-47745 HIGH
ZenTao 16.4-18.0.beta1 - Authenticated SQL Injection via importNotice Function
CVSS 8.8
Details
Vulnerabilities 19,781
Exploit Likelihood High