CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,782 vulnerabilities with CWE-89
CVE-2022-43291 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43290 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41259 MEDIUM
SAP SQL Anywhere 17.0 - Authenticated Denial of Service via ARRAY Constructor Query
CVSS 6.5
CVE-2022-39069 MEDIUM
ZTE ZAIP-AIE < 8.22.02 - SQL Injection
CVSS 5.3
CVE-2022-43049 HIGH
Canteen Management System Project 1.0 - SQL Injection via add-food.php Component
CVSS 7.2
CVE-2022-43052 HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-43051 HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-42990 HIGH
Food Ordering Management System 1.0 - SQL Injection via all-orders.php Status Parameter
CVSS 7.2
CVE-2022-3878 HIGH
Maxon ERP - SQL Injection via tb_search Parameter
CVSS 7.3
CVE-2022-43352 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43350 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43318 HIGH
Human Resource Management System v1.0 - SQL Injection
CVSS 8.8
CVE-2022-3494 HIGH
Complianz < 6.3.4 and Complianz Premium < 6.3.6 - SQL Injection via Translation File
CVSS 8.8
CVE-2022-3481 CRITICAL
WooCommerce Dropshipping < 4.4 - Unauthenticated SQL Injection via REST Endpoint
CVSS 9.8
CVE-2022-20867 MEDIUM
Cisco AsyncOS 13.0-14.2.0 - Authenticated SQL Injection via Web Management Interface
CVSS 5.4
CVE-2022-41671 HIGH
EcoStruxure Operator Terminal Expert <V3.3 Hotfix 1 - SQL Injection
CVSS 7.0
CVE-2022-43063 HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-43062 HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-42744 CRITICAL
CandidATS 3.0.0 - SQL Injection via entriesPerPage Parameter
CVSS 9.8
CVE-2022-39323 HIGH
GLPI >=9.1 <10.0.4 - SQL Injection via REST API User Token
CVSS 7.4
CVE-2022-43068 HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-43066 HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-43227 HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43226 HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 8.8
CVE-2022-41551 HIGH
Garage Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities 19,782
Exploit Likelihood High