CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,782 vulnerabilities with CWE-89
CVE-2022-44277 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-2807 CRITICAL
Algan Software Prens <2.1.11 - SQL Injection
CVSS 9.8
CVE-2022-3711 MEDIUM
Sophos XG Firewall Firmware < 19.0 - Authenticated SQL Injection
CVSS 4.3
CVE-2022-3710 LOW
Sophos XG Firewall Firmware < 19.5 - Authenticated SQL Injection via API Controller
CVSS 2.7
CVE-2022-30528 CRITICAL
isic.lk < 2018-02-13 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2022-44296 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44295 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44294 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44151 CRITICAL
Simple Inventory Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-4222 MEDIUM
Canteen Management System - SQL Injection via ajax_invoice.php POST Request Handler
CVSS 5.0
CVE-2022-45328 HIGH
Church Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-3751 CRITICAL
owncast < 0.0.13 - SQL Injection
CVSS 9.8
CVE-2022-45329 HIGH
AeroCMS v0.0.1 - SQL Injection via Search Parameter
CVSS 7.5
CVE-2022-42109 CRITICAL
online-shopping-system-advanced 1.0 - SQL Injection via p Parameter at product.php
CVSS 9.8
CVE-2022-44399 CRITICAL
Poultry Farm Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-3848 HIGH
WP User Merger <1.5.3 - SQL Injection
CVSS 8.8
CVE-2022-3768 HIGH
WPSmartContracts < 1.3.12 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-3689 HIGH
HTML Forms WordPress Plugin < 1.3.25 - Authenticated SQL Injection
CVSS 7.2
CVE-2022-36193 CRITICAL
School Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-45932 HIGH
OpenDaylight < 0.16.5 - SQL Injection via Role Deletion API
CVSS 7.5
CVE-2022-45931 HIGH
OpenDaylight < 0.16.5 - SQL Injection via User Deletion API
CVSS 7.5
CVE-2022-45930 HIGH
OpenDaylight < 0.16.5 - SQL Injection via Domain Deletion API
CVSS 7.5
CVE-2022-44860 HIGH
Automotive Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-44859 HIGH
Automotive Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-44858 HIGH
Automotive Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
Details
Vulnerabilities 19,782
Exploit Likelihood High