CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,781 vulnerabilities with CWE-89
CVE-2022-47861
CRITICAL
Lead Management System v1.0 - SQL Injection via removeLead.php id Parameter
CVSS 9.8
CVE-2022-47860
CRITICAL
Lead Management System v1.0 - SQL Injection via removeProduct.php id Parameter
CVSS 9.8
CVE-2022-47859
CRITICAL
Lead Management System 1.0 - SQL Injection via changePassword.php user_id Parameter
CVSS 9.8
CVE-2022-47866
CRITICAL
Lead Management System v1.0 - SQL Injection via removeBrand.php id Parameter
CVSS 9.8
CVE-2022-47865
CRITICAL
Lead Management System v1.0 - SQL Injection via removeOrder.php id Parameter
CVSS 9.8
CVE-2022-46163
HIGH
Travel support program <patched - Info Disclosure
CVSS 7.5
CVE-2022-45165
MEDIUM
Archibus Web Central 2022.03.01.107 - SQL Injection
CVSS 6.5
CVE-2022-38492
HIGH
EasyVista <2022.1.109.0.03 - SQL Injection
CVSS 7.7
CVE-2022-38490
CRITICAL
EasyVista <2022.1.109.0.03 - SQL Injection
CVSS 9.6
CVE-2022-4422
CRITICAL
Bulutdesk Callcenter < 3.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-3792
CRITICAL
GullsEye Terminal Operating System < 5.0.13 - SQL Injection
CVSS 9.8
CVE-2022-47790
CRITICAL
Dynamic Transaction Queuing System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-2666
MEDIUM
SourceCodester Loan Management System - SQL Injection
CVSS 6.3
CVE-2022-39072
MEDIUM
ZTE Mobile Internet - SQL Injection
CVSS 5.4
CVE-2022-40049
HIGH
Theme Park Ticketing System 1.0 - SQL Injection via id Parameter
CVSS 7.5
CVE-2022-47523
CRITICAL
Zoho ManageEngine Access Manager Plus, Password Manager Pro, and PAM360 - SQL Injection
CVSS 9.8
CVE-2022-43531
HIGH
Aruba ClearPass Policy Manager <6.10.7 - SQL Injection
CVSS 8.8
CVE-2022-43530
HIGH
Aruba ClearPass Policy Manager <6.10.7 - SQL Injection
CVSS 8.8
CVE-2022-43523
HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-43522
HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-43521
HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-43520
HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-43519
HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-22338
MEDIUM
IBM Sterling B2B Integrator Standard Edition <6.1.2.1 - SQL Injection
CVSS 6.3
CVE-2022-38627
CRITICAL
Nortek Linear eMerge E3-Series <0.32-09 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,781
Exploit Likelihood
High