CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,782 vulnerabilities with CWE-89
CVE-2022-44785 CRITICAL
Appalti & Contratti 9.12.2 - Unauthenticated SQL Injection via GetListaEnti.do cfamm Parameter
CVSS 9.8
CVE-2022-38148 HIGH
Silverstripe framework <4.11 - SQL Injection
CVSS 8.8
CVE-2022-4093 CRITICAL
Dolibarr 16.0.1 and 16.0.2 - SQL Injection
CVSS 9.8
CVE-2022-42497 CRITICAL
Api2Cart Bridge Connector <= 1.1.0 - Remote Code Execution
CVSS 10.0
CVE-2022-44820 HIGH
Automotive Shop Management System 1.0 - SQL Injection via Transactions Manage Endpoint
CVSS 7.2
CVE-2022-44415 HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44414 HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44413 HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44379 HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44378 HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43506 HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-43457 HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-43452 HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-43447 HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-41775 HIGH
Delta Electronics DIAEnergie <v1.9.02.001 - SQL Injection
CVSS 8.8
CVE-2022-39180 CRITICAL
College Management System 1.0 - SQL Injection via Login Username and Password Fields
CVSS 9.8
CVE-2022-39179 HIGH
College Management System 1.0 - Authenticated Remote Code Execution via .php File Upload
CVSS 7.2
CVE-2022-36787 CRITICAL
webvendome - SQL Injection via DocNumber Parameter
CVSS 9.8
CVE-2022-43179 HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43163 HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43162 HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44403 HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-44402 HIGH
Automotive Shop Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-4052 MEDIUM
Student Attendance Management System - SQL Injection
CVSS 4.7
CVE-2022-4051 MEDIUM
Hostel Searching Project - SQL Injection
CVSS 6.3
Details
Vulnerabilities 19,782
Exploit Likelihood High