CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,781 vulnerabilities with CWE-89
CVE-2022-4871 MEDIUM
ummmmm nflpick-em.com <2.2.x - SQL Injection
CVSS 4.7
CVE-2022-43437 HIGH
easy_test - Authenticated SQL Injection via Download Function Parameter
CVSS 8.8
CVE-2022-39041 CRITICAL
aEnrich a+HRD - Unauthenticated SQL Injection via API Parameter
CVSS 9.8
CVE-2022-4360 HIGH
WP RSS By Publishers <0.1 - SQL Injection
CVSS 7.2
CVE-2022-4059 CRITICAL
Cryptocurrency Widgets Pack <2.0 - SQL Injection
CVSS 9.8
CVE-2022-34324 HIGH
Sage XRT Business Exchange 12.4.302 - Authenticated SQL Injection in Add Currencies, Payment Order, and Transfer History
CVSS 8.8
CVE-2022-4860 MEDIUM
KBase Metrics < 2022-05-22 - SQL Injection in upload_user_data Function
CVSS 5.5
CVE-2022-4855 HIGH
SourceCodester Lead Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2022-44137 HIGH
SourceCodester Sanitization Management System 1.0 - SQL Injection
CVSS 7.2
CVE-2022-46442 CRITICAL
dedecms <= V5.7.102 - SQL Injection
CVSS 9.8
CVE-2022-4726 MEDIUM
Sanitization Management System 1.0 - SQL Injection via Admin Login Username/Password
CVSS 6.3
CVE-2022-46764 CRITICAL
TrueConf Server <5.2.6 - SQL Injection
CVSS 9.8
CVE-2022-46763 HIGH
TrueConf Server <5.2.6.10025 - SQL Injection
CVSS 8.8
CVE-2022-4161 MEDIUM
Contest Gallery < 19.1.5.1 - Authenticated SQL Injection via cg_copy_start Parameter
CVSS 6.5
CVE-2022-4151 MEDIUM
Contest Gallery < 19.1.5.1 - Authenticated SQL Injection via option_id GET Parameter
CVSS 6.5
CVE-2022-4739 HIGH
School Dormitory Management System 1.0 - SQL Injection in Admin Login
CVSS 7.3
CVE-2022-4737 HIGH
Blood Bank Management System 1.0 - SQL Injection via login.php Username/Password Parameters
CVSS 7.3
CVE-2022-44015 CRITICAL
Simmeth Lieferantenmanager <5.6 - SQL Injection
CVSS 9.8
CVE-2022-45889 HIGH
Planet eStream < 6.72.10.07 - Authenticated SQL Injection via StatisticsResults.aspx flt Parameter
CVSS 7.2
CVE-2022-43860 MEDIUM
IBM Navigator for i <7.5 - Info Disclosure
CVSS 4.3
CVE-2022-43859 MEDIUM
IBM Navigator for i <7.5 - Info Disclosure
CVSS 6.3
CVE-2022-1887 CRITICAL
Firefox for iOS < 101 - SQL Injection
CVSS 9.8
CVE-2022-45041 HIGH
rockoa xinhu < 2.5.0 - SQL Injection
CVSS 7.5
CVE-2022-4427 MEDIUM
OTRS 6.0.1-6.0.34, 7.0.1-7.0.40, 8.0.1-8.0.28 - SQL Injection via TicketSearch Webservice
CVSS 6.5
CVE-2022-4592 MEDIUM
CRMx - SQL Injection via index.php get/save/delete/comment/commentdelete Functions
CVSS 6.3
Details
Vulnerabilities 19,781
Exploit Likelihood High