CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,782 vulnerabilities with CWE-89
CVE-2022-44277
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-2807
CRITICAL
Algan Software Prens <2.1.11 - SQL Injection
CVSS 9.8
CVE-2022-3711
MEDIUM
Sophos XG Firewall Firmware < 19.0 - Authenticated SQL Injection
CVSS 4.3
CVE-2022-3710
LOW
Sophos XG Firewall Firmware < 19.5 - Authenticated SQL Injection via API Controller
CVSS 2.7
CVE-2022-30528
CRITICAL
isic.lk < 2018-02-13 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2022-44296
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44295
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44294
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44151
CRITICAL
Simple Inventory Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-4222
MEDIUM
Canteen Management System - SQL Injection via ajax_invoice.php POST Request Handler
CVSS 5.0
CVE-2022-45328
HIGH
Church Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-3751
CRITICAL
owncast < 0.0.13 - SQL Injection
CVSS 9.8
CVE-2022-45329
HIGH
AeroCMS v0.0.1 - SQL Injection via Search Parameter
CVSS 7.5
CVE-2022-42109
CRITICAL
online-shopping-system-advanced 1.0 - SQL Injection via p Parameter at product.php
CVSS 9.8
CVE-2022-44399
CRITICAL
Poultry Farm Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-3848
HIGH
WP User Merger <1.5.3 - SQL Injection
CVSS 8.8
CVE-2022-3768
HIGH
WPSmartContracts < 1.3.12 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-3689
HIGH
HTML Forms WordPress Plugin < 1.3.25 - Authenticated SQL Injection
CVSS 7.2
CVE-2022-36193
CRITICAL
School Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-45932
HIGH
OpenDaylight < 0.16.5 - SQL Injection via Role Deletion API
CVSS 7.5
CVE-2022-45931
HIGH
OpenDaylight < 0.16.5 - SQL Injection via User Deletion API
CVSS 7.5
CVE-2022-45930
HIGH
OpenDaylight < 0.16.5 - SQL Injection via Domain Deletion API
CVSS 7.5
CVE-2022-44860
HIGH
Automotive Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-44859
HIGH
Automotive Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-44858
HIGH
Automotive Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
Details
Vulnerabilities
19,782
Exploit Likelihood
High