CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,781 vulnerabilities with CWE-89
CVE-2022-4566 MEDIUM
y_project RuoYi <4.7.5 - SQL Injection
CVSS 5.5
CVE-2022-42535 MEDIUM
Android - SQL Injection in MmsSmsProvider.java
CVSS 5.5
CVE-2022-20518 MEDIUM
Android 13 - SQL Injection in MmsSmsProvider.java
CVSS 5.5
CVE-2022-20517 MEDIUM
Android - SQL Injection in MmsSmsProvider.java
CVSS 5.5
CVE-2022-44588 CRITICAL
Cryptocurrency Widgets Pack < 1.8.1 - Unauthenticated SQL Injection
CVSS 9.9
CVE-2022-38488 CRITICAL
logrocket-oauth2-example <2020-05-27 - SQL Injection
CVSS 9.8
CVE-2022-46443 HIGH
mesinkasir Bangresto 1.0 - SQL Injection
CVSS 8.8
CVE-2022-46072 CRITICAL
Helmet Store Showroom v1.0 - SQL Injection
CVSS 9.8
CVE-2022-46071 CRITICAL
Helmet Store Showroom v1.0 - SQL Injection
CVSS 9.8
CVE-2022-46127 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46126 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46125 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46124 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46123 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46122 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46121 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46120 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46119 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46118 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-46117 HIGH
Helmet Store Showroom Site v1.0 - SQL Injection
CVSS 7.2
CVE-2022-4454 MEDIUM
m0ver bible-online < 2022-10-02 - SQL Injection in Search Handler
CVSS 5.5
CVE-2022-46051 HIGH
AeroCMS - SQL Injection via Approve Parameter
CVSS 7.2
CVE-2022-46047 MEDIUM
AeroCMS v0.0.1 - SQL Injection via Delete Parameter
CVSS 4.9
CVE-2022-41272 CRITICAL
SAP NetWeaver PI <7.50 - Info Disclosure
CVSS 9.9
CVE-2022-41271 CRITICAL
SAP NetWeaver PI 7.50 - Info Disclosure
CVSS 9.4
Details
Vulnerabilities 19,781
Exploit Likelihood High