CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,782 vulnerabilities with CWE-89
CVE-2022-45210 MEDIUM
Jeecg-boot < 3.4.4 - SQL Injection via /sys/user/deleteRecycleBin
CVSS 4.3
CVE-2022-45208 MEDIUM
Jeecg-boot 3.4.3 - SQL Injection via /sys/user/putRecycleBin
CVSS 4.3
CVE-2022-45207 CRITICAL
Jeecg-boot < 3.4.4 - SQL Injection via updateNullByEmptyString Component
CVSS 9.8
CVE-2022-45206 CRITICAL
Jeecg-boot < 3.4.4 - SQL Injection via /sys/duplicate/check Component
CVSS 9.8
CVE-2022-45205 MEDIUM
Jeecg-boot 3.4.3 - SQL Injection via /sys/dict/queryTableData
CVSS 5.3
CVE-2022-4088 HIGH
rickxy Stock Management System - SQL Injection
CVSS 7.3
CVE-2022-45278 HIGH
jizhicms 2.3.3 - SQL Injection via /index.php/admins/Fields/get_fields.html
CVSS 8.8
CVE-2022-44120 CRITICAL
dedecmsv6 6.1.9 - SQL Injection via sys_sql_query.php
CVSS 9.8
CVE-2022-44117 CRITICAL
Boa 0.94.14rc21 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2022-44140 HIGH
jizhicms 2.3.3 - SQL Injection via Member Edit Component
CVSS 8.8
CVE-2022-44278 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44139 CRITICAL
Apartment Visitor Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43213 CRITICAL
Billing System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-37773 MEDIUM
Maarch RM 2.7-2.8.5 - Authenticated SQL Injection via Statistics Page Filter Parameter
CVSS 6.5
CVE-2022-45536 MEDIUM
AeroCMS 0.0.1 - SQL Injection via id Parameter in post_comments.php
CVSS 4.9
CVE-2022-45535 MEDIUM
AeroCMS 0.0.1 - SQL Injection via Edit Parameter
CVSS 4.9
CVE-2022-45529 MEDIUM
AeroCMS 0.0.1 - SQL Injection via post_category_id Parameter
CVSS 4.9
CVE-2022-45331 HIGH
AeroCMS 0.0.1 - SQL Injection via p_id Parameter
CVSS 7.5
CVE-2022-45330 HIGH
AeroCMS v0.0.1 - SQL Injection via Category Parameter
CVSS 7.5
CVE-2022-43212 CRITICAL
Billing System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-39066 HIGH
ZTE MF286R < mf286r_b07 - Authenticated SQL Injection via Phonebook Interface
CVSS 8.8
CVE-2022-42098 HIGH
KLiK SocialMediaWebsite v1.0.1 - SQL Injection via profile.php
CVSS 8.8
CVE-2022-43215 CRITICAL
Billing System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43214 CRITICAL
Billing System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43709 MEDIUM
MyBB < 1.8.32 - Authenticated SQL Injection in Admin CP Users Module
CVSS 4.9
Details
Vulnerabilities 19,782
Exploit Likelihood High