CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,781 vulnerabilities with CWE-89
CVE-2022-3915 CRITICAL
Dokan < 3.7.6 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-4416 MEDIUM
mxsdoc - SQL Injection via searchWord/reposId Parameter in getReposAllUsers Function
CVSS 6.3
CVE-2022-4403 MEDIUM
Canteen Management System - SQL Injection via customer_id Parameter in ajax_represent.php
CVSS 6.3
CVE-2022-4399 MEDIUM
TicklishHoneyBee nodau - SQL Injection
CVSS 5.5
CVE-2022-23510 CRITICAL
cube.js 0.31.23 - Authenticated SQL Injection via /v1/sql-runner Endpoint
CVSS 9.6
CVE-2022-44790 HIGH
Interspire Email Marketer <= 6.5.1 - Unauthenticated SQL Injection via Surveys Module
CVSS 7.5
CVE-2022-44838 HIGH
Automotive Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-4375 MEDIUM
Mingsoft MCMS <5.2.9 - SQL Injection
CVSS 6.3
CVE-2022-44393 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-4322 MEDIUM
maku-boot 1.3.0-2.2.0 - SQL Injection in Scheduled Task Handler
CVSS 6.3
CVE-2022-45010 CRITICAL
Simple Phone Book/Directory Web App 1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2022-33875 MEDIUM
Fortinet FortiADC <7.1.0 - SQL Injection
CVSS 5.4
CVE-2022-45019 HIGH
SLiMS 9 Bulian 9.5.0 - SQL Injection via Keywords Parameter
CVSS 7.5
CVE-2022-45822 CRITICAL
Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection
CVSS 10.0
CVE-2022-4278 MEDIUM
SourceCodester Human Resource Management System 1.0 - SQL Injection via empid Parameter
CVSS 4.7
CVE-2022-4277 MEDIUM
Shaoxing Background Management System - SQL Injection via /Default/Bd id Parameter
CVSS 6.3
CVE-2022-4275 MEDIUM
House Rental System - SQL Injection via search-property.php POST Request Handler
CVSS 6.3
CVE-2022-4274 MEDIUM
House Rental System - SQL Injection via property_id Parameter in view-property.php
CVSS 6.3
CVE-2022-44945 CRITICAL
rukovoditel v3.2.1 - SQL Injection via heading_field_id Parameter
CVSS 9.8
CVE-2022-44291 CRITICAL
webTareas 2.4p5 - SQL Injection via id Parameter in phasesets.php
CVSS 9.8
CVE-2022-44290 CRITICAL
webTareas 2.4p5 - SQL Injection via deleteapprovalstages.php id Parameter
CVSS 9.8
CVE-2022-44348 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44347 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44345 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44277 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities 19,781
Exploit Likelihood High