CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,782 vulnerabilities with CWE-89
CVE-2022-44785
CRITICAL
Appalti & Contratti 9.12.2 - Unauthenticated SQL Injection via GetListaEnti.do cfamm Parameter
CVSS 9.8
CVE-2022-38148
HIGH
Silverstripe framework <4.11 - SQL Injection
CVSS 8.8
CVE-2022-4093
CRITICAL
Dolibarr 16.0.1 and 16.0.2 - SQL Injection
CVSS 9.8
CVE-2022-42497
CRITICAL
Api2Cart Bridge Connector <= 1.1.0 - Remote Code Execution
CVSS 10.0
CVE-2022-44820
HIGH
Automotive Shop Management System 1.0 - SQL Injection via Transactions Manage Endpoint
CVSS 7.2
CVE-2022-44415
HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44414
HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44413
HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44379
HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44378
HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43506
HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-43457
HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-43452
HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-43447
HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-41775
HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-39180
CRITICAL
College Management System 1.0 - SQL Injection via Login Username and Password Fields
CVSS 9.8
CVE-2022-39179
HIGH
College Management System 1.0 - Authenticated Remote Code Execution via .php File Upload
CVSS 7.2
CVE-2022-36787
CRITICAL
webvendome - SQL Injection via DocNumber Parameter
CVSS 9.8
CVE-2022-43179
HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43163
HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43162
HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44403
HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44402
HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-4052
MEDIUM
Student Attendance Management System - SQL Injection
CVSS 4.7
CVE-2022-4051
MEDIUM
Hostel Searching Project - SQL Injection
CVSS 6.3
Details
Vulnerabilities
19,782
Exploit Likelihood
High