CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,781 vulnerabilities with CWE-89
CVE-2022-4871
MEDIUM
ummmmm nflpick-em.com <2.2.x - SQL Injection
CVSS 4.7
CVE-2022-43437
HIGH
easy_test - Authenticated SQL Injection via Download Function Parameter
CVSS 8.8
CVE-2022-39041
CRITICAL
aEnrich a+HRD - Unauthenticated SQL Injection via API Parameter
CVSS 9.8
CVE-2022-4360
HIGH
WP RSS By Publishers <0.1 - SQL Injection
CVSS 7.2
CVE-2022-4059
CRITICAL
Cryptocurrency Widgets Pack <2.0 - SQL Injection
CVSS 9.8
CVE-2022-34324
HIGH
Sage XRT Business Exchange 12.4.302 - Authenticated SQL Injection in Add Currencies, Payment Order, and Transfer History
CVSS 8.8
CVE-2022-4860
MEDIUM
KBase Metrics < 2022-05-22 - SQL Injection in upload_user_data Function
CVSS 5.5
CVE-2022-4855
HIGH
SourceCodester Lead Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2022-44137
HIGH
SourceCodester Sanitization Management System 1.0 - SQL Injection
CVSS 7.2
CVE-2022-46442
CRITICAL
dedecms <= V5.7.102 - SQL Injection
CVSS 9.8
CVE-2022-4726
MEDIUM
Sanitization Management System 1.0 - SQL Injection via Admin Login Username/Password
CVSS 6.3
CVE-2022-46764
CRITICAL
TrueConf Server <5.2.6 - SQL Injection
CVSS 9.8
CVE-2022-46763
HIGH
TrueConf Server <5.2.6.10025 - SQL Injection
CVSS 8.8
CVE-2022-4161
MEDIUM
Contest Gallery < 19.1.5.1 - Authenticated SQL Injection via cg_copy_start Parameter
CVSS 6.5
CVE-2022-4151
MEDIUM
Contest Gallery < 19.1.5.1 - Authenticated SQL Injection via option_id GET Parameter
CVSS 6.5
CVE-2022-4739
HIGH
School Dormitory Management System 1.0 - SQL Injection in Admin Login
CVSS 7.3
CVE-2022-4737
HIGH
Blood Bank Management System 1.0 - SQL Injection via login.php Username/Password Parameters
CVSS 7.3
CVE-2022-44015
CRITICAL
Simmeth Lieferantenmanager <5.6 - SQL Injection
CVSS 9.8
CVE-2022-45889
HIGH
Planet eStream < 6.72.10.07 - Authenticated SQL Injection via StatisticsResults.aspx flt Parameter
CVSS 7.2
CVE-2022-43860
MEDIUM
IBM Navigator for i <7.5 - Info Disclosure
CVSS 4.3
CVE-2022-43859
MEDIUM
IBM Navigator for i <7.5 - Info Disclosure
CVSS 6.3
CVE-2022-1887
CRITICAL
Firefox for iOS < 101 - SQL Injection
CVSS 9.8
CVE-2022-45041
HIGH
rockoa xinhu < 2.5.0 - SQL Injection
CVSS 7.5
CVE-2022-4427
MEDIUM
OTRS 6.0.1-6.0.34, 7.0.1-7.0.40, 8.0.1-8.0.28 - SQL Injection via TicketSearch Webservice
CVSS 6.5
CVE-2022-4592
MEDIUM
CRMx - SQL Injection via index.php get/save/delete/comment/commentdelete Functions
CVSS 6.3
Details
Vulnerabilities
19,781
Exploit Likelihood
High