CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,782 vulnerabilities with CWE-89
CVE-2022-42245 CRITICAL
Dreamer CMS 4.0.01 - SQL Injection
CVSS 9.8
CVE-2022-44003 CRITICAL
BACKCLICK Professional <5.9.63 - SQL Injection
CVSS 9.8
CVE-2022-43135 CRITICAL
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43262 CRITICAL
Human Resource Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43256 CRITICAL
SeaCms < 12.6 - SQL Injection via DM Player DMKU Index Component
CVSS 9.8
CVE-2022-4015 MEDIUM
Sports Club Management System 119 - SQL Injection
CVSS 4.7
CVE-2022-4012 MEDIUM
Hospital Management Center - SQL Injection
CVSS 6.3
CVE-2022-43279 HIGH
LimeSurvey < 5.0.4 - SQL Injection via update.php
CVSS 7.2
CVE-2022-42122 CRITICAL
Liferay DXP 7.3.7 and 7.3.10.fp2-7.3.10.u3 - SQL Injection via Friendly URL Title Field
CVSS 9.8
CVE-2022-42121 HIGH
Liferay Portal 7.1.3-7.4.3.4 and DXP - Authenticated SQL Injection via Page Template Name Field
CVSS 8.8
CVE-2022-42120 CRITICAL
Liferay DXP 7.3.3-7.4.3.16 - SQL Injection via PortletPreferences Namespace Attribute
CVSS 9.8
CVE-2022-42984 CRITICAL
WoWonder 4.1.4 - SQL Injection via Search Recipients Offset Parameter
CVSS 9.8
CVE-2022-40405 HIGH
WoWonder 4.1.2 - SQL Injection via offset Parameter
CVSS 7.5
CVE-2022-43288 HIGH
Rukovoditel 3.2.1 - SQL Injection via order_by Parameter
CVSS 8.8
CVE-2022-43672 CRITICAL
Zoho ManageEngine <12122, PAM360 <5711, Access Manager Plus <4306 -...
CVSS 9.8
CVE-2022-43671 CRITICAL
Zoho ManageEngine <12122, PAM360 <5711, Access Manager Plus <4306 -...
CVSS 9.8
CVE-2022-3956 MEDIUM
HHIMS 2.1 - SQL Injection via Patient Portrait Handler PID Argument
CVSS 6.3
CVE-2022-3955 HIGH
crm42 - SQL Injection via user_name Parameter in Login Component
CVSS 7.3
CVE-2022-3948 MEDIUM
eolink goku_lite - SQL Injection via /plugin/getList route/keyword Parameter
CVSS 6.3
CVE-2022-3947 MEDIUM
eolink goku_lite - SQL Injection via /balance/service/list Route/Keyword Parameter
CVSS 6.3
CVE-2022-41892 HIGH
Arches < 6.1.1, 6.1.2-6.2.1, 7.1.2 - SQL Injection
CVSS 8.6
CVE-2022-44727 CRITICAL
EU Cookie Law GDPR (Banner + Blocker) < 2.1.3 - SQL Injection via lgcookieslaw Cookie
CVSS 9.1
CVE-2022-43058 CRITICAL
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-43278 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43292 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities 19,782
Exploit Likelihood High