CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,781 vulnerabilities with CWE-89
CVE-2022-3915
CRITICAL
Dokan < 3.7.6 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-4416
MEDIUM
mxsdoc - SQL Injection via searchWord/reposId Parameter in getReposAllUsers Function
CVSS 6.3
CVE-2022-4403
MEDIUM
Canteen Management System - SQL Injection via customer_id Parameter in ajax_represent.php
CVSS 6.3
CVE-2022-4399
MEDIUM
TicklishHoneyBee nodau - SQL Injection
CVSS 5.5
CVE-2022-23510
CRITICAL
cube.js 0.31.23 - Authenticated SQL Injection via /v1/sql-runner Endpoint
CVSS 9.6
CVE-2022-44790
HIGH
Interspire Email Marketer <= 6.5.1 - Unauthenticated SQL Injection via Surveys Module
CVSS 7.5
CVE-2022-44838
HIGH
Automotive Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-4375
MEDIUM
Mingsoft MCMS <5.2.9 - SQL Injection
CVSS 6.3
CVE-2022-44393
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-4322
MEDIUM
maku-boot 1.3.0-2.2.0 - SQL Injection in Scheduled Task Handler
CVSS 6.3
CVE-2022-45010
CRITICAL
Simple Phone Book/Directory Web App 1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2022-33875
MEDIUM
Fortinet FortiADC <7.1.0 - SQL Injection
CVSS 5.4
CVE-2022-45019
HIGH
SLiMS 9 Bulian 9.5.0 - SQL Injection via Keywords Parameter
CVSS 7.5
CVE-2022-45822
CRITICAL
Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection
CVSS 10.0
CVE-2022-4278
MEDIUM
SourceCodester Human Resource Management System 1.0 - SQL Injection via empid Parameter
CVSS 4.7
CVE-2022-4277
MEDIUM
Shaoxing Background Management System - SQL Injection via /Default/Bd id Parameter
CVSS 6.3
CVE-2022-4275
MEDIUM
House Rental System - SQL Injection via search-property.php POST Request Handler
CVSS 6.3
CVE-2022-4274
MEDIUM
House Rental System - SQL Injection via property_id Parameter in view-property.php
CVSS 6.3
CVE-2022-44945
CRITICAL
rukovoditel v3.2.1 - SQL Injection via heading_field_id Parameter
CVSS 9.8
CVE-2022-44291
CRITICAL
webTareas 2.4p5 - SQL Injection via id Parameter in phasesets.php
CVSS 9.8
CVE-2022-44290
CRITICAL
webTareas 2.4p5 - SQL Injection via deleteapprovalstages.php id Parameter
CVSS 9.8
CVE-2022-44348
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44347
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44345
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44277
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities
19,781
Exploit Likelihood
High