CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,782 vulnerabilities with CWE-89
CVE-2022-42245
CRITICAL
Dreamer CMS 4.0.01 - SQL Injection
CVSS 9.8
CVE-2022-44003
CRITICAL
BACKCLICK Professional <5.9.63 - SQL Injection
CVSS 9.8
CVE-2022-43135
CRITICAL
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43262
CRITICAL
Human Resource Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-43256
CRITICAL
SeaCms < 12.6 - SQL Injection via DM Player DMKU Index Component
CVSS 9.8
CVE-2022-4015
MEDIUM
Sports Club Management System 119 - SQL Injection
CVSS 4.7
CVE-2022-4012
MEDIUM
Hospital Management Center - SQL Injection
CVSS 6.3
CVE-2022-43279
HIGH
LimeSurvey < 5.0.4 - SQL Injection via update.php
CVSS 7.2
CVE-2022-42122
CRITICAL
Liferay DXP 7.3.7 and 7.3.10.fp2-7.3.10.u3 - SQL Injection via Friendly URL Title Field
CVSS 9.8
CVE-2022-42121
HIGH
Liferay Portal 7.1.3-7.4.3.4 and DXP - Authenticated SQL Injection via Page Template Name Field
CVSS 8.8
CVE-2022-42120
CRITICAL
Liferay DXP 7.3.3-7.4.3.16 - SQL Injection via PortletPreferences Namespace Attribute
CVSS 9.8
CVE-2022-42984
CRITICAL
WoWonder 4.1.4 - SQL Injection via Search Recipients Offset Parameter
CVSS 9.8
CVE-2022-40405
HIGH
WoWonder 4.1.2 - SQL Injection via offset Parameter
CVSS 7.5
CVE-2022-43288
HIGH
Rukovoditel 3.2.1 - SQL Injection via order_by Parameter
CVSS 8.8
CVE-2022-43672
CRITICAL
Zoho ManageEngine <12122, PAM360 <5711, Access Manager Plus <4306 -...
CVSS 9.8
CVE-2022-43671
CRITICAL
Zoho ManageEngine <12122, PAM360 <5711, Access Manager Plus <4306 -...
CVSS 9.8
CVE-2022-3956
MEDIUM
HHIMS 2.1 - SQL Injection via Patient Portrait Handler PID Argument
CVSS 6.3
CVE-2022-3955
HIGH
crm42 - SQL Injection via user_name Parameter in Login Component
CVSS 7.3
CVE-2022-3948
MEDIUM
eolink goku_lite - SQL Injection via /plugin/getList route/keyword Parameter
CVSS 6.3
CVE-2022-3947
MEDIUM
eolink goku_lite - SQL Injection via /balance/service/list Route/Keyword Parameter
CVSS 6.3
CVE-2022-41892
HIGH
Arches < 6.1.1, 6.1.2-6.2.1, 7.1.2 - SQL Injection
CVSS 8.6
CVE-2022-44727
CRITICAL
EU Cookie Law GDPR (Banner + Blocker) < 2.1.3 - SQL Injection via lgcookieslaw Cookie
CVSS 9.1
CVE-2022-43058
CRITICAL
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-43278
HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43292
HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities
19,782
Exploit Likelihood
High