CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,781 vulnerabilities with CWE-89
CVE-2022-47861 CRITICAL
Lead Management System v1.0 - SQL Injection via removeLead.php id Parameter
CVSS 9.8
CVE-2022-47860 CRITICAL
Lead Management System v1.0 - SQL Injection via removeProduct.php id Parameter
CVSS 9.8
CVE-2022-47859 CRITICAL
Lead Management System 1.0 - SQL Injection via changePassword.php user_id Parameter
CVSS 9.8
CVE-2022-47866 CRITICAL
Lead Management System v1.0 - SQL Injection via removeBrand.php id Parameter
CVSS 9.8
CVE-2022-47865 CRITICAL
Lead Management System v1.0 - SQL Injection via removeOrder.php id Parameter
CVSS 9.8
CVE-2022-46163 HIGH
Travel support program <patched - Info Disclosure
CVSS 7.5
CVE-2022-45165 MEDIUM
Archibus Web Central 2022.03.01.107 - SQL Injection
CVSS 6.5
CVE-2022-38492 HIGH
EasyVista <2022.1.109.0.03 - SQL Injection
CVSS 7.7
CVE-2022-38490 CRITICAL
EasyVista <2022.1.109.0.03 - SQL Injection
CVSS 9.6
CVE-2022-4422 CRITICAL
Bulutdesk Callcenter < 3.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-3792 CRITICAL
GullsEye Terminal Operating System < 5.0.13 - SQL Injection
CVSS 9.8
CVE-2022-47790 CRITICAL
Dynamic Transaction Queuing System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-2666 MEDIUM
SourceCodester Loan Management System - SQL Injection
CVSS 6.3
CVE-2022-39072 MEDIUM
ZTE Mobile Internet - SQL Injection
CVSS 5.4
CVE-2022-40049 HIGH
Theme Park Ticketing System 1.0 - SQL Injection via id Parameter
CVSS 7.5
CVE-2022-47523 CRITICAL
Zoho ManageEngine Access Manager Plus, Password Manager Pro, and PAM360 - SQL Injection
CVSS 9.8
CVE-2022-43531 HIGH
Aruba ClearPass Policy Manager <6.10.7 - SQL Injection
CVSS 8.8
CVE-2022-43530 HIGH
Aruba ClearPass Policy Manager <6.10.7 - SQL Injection
CVSS 8.8
CVE-2022-43523 HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-43522 HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-43521 HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-43520 HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-43519 HIGH
Aruba EdgeConnect Enterprise Orchestrator - SQL Injection
CVSS 8.8
CVE-2022-22338 MEDIUM
IBM Sterling B2B Integrator Standard Edition <6.1.2.1 - SQL Injection
CVSS 6.3
CVE-2022-38627 CRITICAL
Nortek Linear eMerge E3-Series <0.32-09 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,781
Exploit Likelihood High