CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,782 vulnerabilities with CWE-89
CVE-2022-45210
MEDIUM
Jeecg-boot < 3.4.4 - SQL Injection via /sys/user/deleteRecycleBin
CVSS 4.3
CVE-2022-45208
MEDIUM
Jeecg-boot 3.4.3 - SQL Injection via /sys/user/putRecycleBin
CVSS 4.3
CVE-2022-45207
CRITICAL
Jeecg-boot < 3.4.4 - SQL Injection via updateNullByEmptyString Component
CVSS 9.8
CVE-2022-45206
CRITICAL
Jeecg-boot < 3.4.4 - SQL Injection via /sys/duplicate/check Component
CVSS 9.8
CVE-2022-45205
MEDIUM
Jeecg-boot 3.4.3 - SQL Injection via /sys/dict/queryTableData
CVSS 5.3
CVE-2022-4088
HIGH
rickxy Stock Management System - SQL Injection
CVSS 7.3
CVE-2022-45278
HIGH
jizhicms 2.3.3 - SQL Injection via /index.php/admins/Fields/get_fields.html
CVSS 8.8
CVE-2022-44120
CRITICAL
dedecmsv6 6.1.9 - SQL Injection via sys_sql_query.php
CVSS 9.8
CVE-2022-44117
CRITICAL
Boa 0.94.14rc21 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2022-44140
HIGH
jizhicms 2.3.3 - SQL Injection via Member Edit Component
CVSS 8.8
CVE-2022-44278
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44139
CRITICAL
Apartment Visitor Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43213
CRITICAL
Billing System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-37773
MEDIUM
Maarch RM 2.7-2.8.5 - Authenticated SQL Injection via Statistics Page Filter Parameter
CVSS 6.5
CVE-2022-45536
MEDIUM
AeroCMS 0.0.1 - SQL Injection via id Parameter in post_comments.php
CVSS 4.9
CVE-2022-45535
MEDIUM
AeroCMS 0.0.1 - SQL Injection via Edit Parameter
CVSS 4.9
CVE-2022-45529
MEDIUM
AeroCMS 0.0.1 - SQL Injection via post_category_id Parameter
CVSS 4.9
CVE-2022-45331
HIGH
AeroCMS 0.0.1 - SQL Injection via p_id Parameter
CVSS 7.5
CVE-2022-45330
HIGH
AeroCMS v0.0.1 - SQL Injection via Category Parameter
CVSS 7.5
CVE-2022-43212
CRITICAL
Billing System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-39066
HIGH
ZTE MF286R < mf286r_b07 - Authenticated SQL Injection via Phonebook Interface
CVSS 8.8
CVE-2022-42098
HIGH
KLiK SocialMediaWebsite v1.0.1 - SQL Injection via profile.php
CVSS 8.8
CVE-2022-43215
CRITICAL
Billing System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43214
CRITICAL
Billing System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43709
MEDIUM
MyBB < 1.8.32 - Authenticated SQL Injection in Admin CP Users Module
CVSS 4.9
Details
Vulnerabilities
19,782
Exploit Likelihood
High