CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,781 vulnerabilities with CWE-89
CVE-2022-47740 CRITICAL
Seltmann GmbH Content Management System 6 - SQL Injection via index.php
CVSS 9.8
CVE-2022-47105 CRITICAL
Jeecg-boot - SQL Injection via /sys/dict/queryTableData
CVSS 9.8
CVE-2022-43462 CRITICAL
Adeel Ahmed's IP Blacklist Cloud <5.00 - SQL Injection
CVSS 9.1
CVE-2022-4547 HIGH
Conditional Payment Methods for WooCommerce < 1.0.0 - Authenticated SQL Injection
CVSS 7.2
CVE-2022-41703 MEDIUM
Apache Superset <2.0.0 - SQL Injection
CVSS 5.4
CVE-2022-4889 MEDIUM
visegripped Stracker - SQL Injection
CVSS 5.5
CVE-2022-46093 HIGH
Hospital Management System v1.0 - SQL Injection
CVSS 8.2
CVE-2022-46956 HIGH
Dynamic Transaction Queuing System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46955 CRITICAL
Dynamic Transaction Queuing System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-46954 CRITICAL
Dynamic Transaction Queuing System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-46953 HIGH
Dynamic Transaction Queuing System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46952 HIGH
Dynamic Transaction Queuing System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46951 HIGH
Dynamic Transaction Queuing System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46950 HIGH
Dynamic Transaction Queuing System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46949 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46947 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46946 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-48090 MEDIUM
hotel_management_system 2022.4 - SQL Injection via CustomerDAO.php
CVSS 6.5
CVE-2022-46502 CRITICAL
Online Student Enrollment System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-46471 CRITICAL
Online Health Care System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-46623 HIGH
Judging Management System v1.0.0 - SQL Injection
CVSS 7.8
CVE-2022-46472 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-40615 MEDIUM
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 - SQL Injection
CVSS 6.3
CVE-2022-47864 CRITICAL
Lead Management System v1.0 - SQL Injection via id Parameter in removeCategories.php
CVSS 9.8
CVE-2022-47862 CRITICAL
Lead Management System v1.0 - SQL Injection via customer_id Parameter
CVSS 9.8
Details
Vulnerabilities 19,781
Exploit Likelihood High