CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,782 vulnerabilities with CWE-89
CVE-2022-43291
HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43290
HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41259
MEDIUM
SAP SQL Anywhere 17.0 - Authenticated Denial of Service via ARRAY Constructor Query
CVSS 6.5
CVE-2022-39069
MEDIUM
ZTE ZAIP-AIE < 8.22.02 - SQL Injection
CVSS 5.3
CVE-2022-43049
HIGH
Canteen Management System Project 1.0 - SQL Injection via add-food.php Component
CVSS 7.2
CVE-2022-43052
HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-43051
HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-42990
HIGH
Food Ordering Management System 1.0 - SQL Injection via all-orders.php Status Parameter
CVSS 7.2
CVE-2022-3878
HIGH
Maxon ERP - SQL Injection via tb_search Parameter
CVSS 7.3
CVE-2022-43352
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43350
HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43318
HIGH
Human Resource Management System v1.0 - SQL Injection
CVSS 8.8
CVE-2022-3494
HIGH
Complianz < 6.3.4 and Complianz Premium < 6.3.6 - SQL Injection via Translation File
CVSS 8.8
CVE-2022-3481
CRITICAL
WooCommerce Dropshipping < 4.4 - Unauthenticated SQL Injection via REST Endpoint
CVSS 9.8
CVE-2022-20867
MEDIUM
Cisco AsyncOS 13.0-14.2.0 - Authenticated SQL Injection via Web Management Interface
CVSS 5.4
CVE-2022-41671
HIGH
EcoStruxure Operator Terminal Expert <V3.3 Hotfix 1 - SQL Injection
CVSS 7.0
CVE-2022-43063
HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-43062
HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-42744
CRITICAL
CandidATS 3.0.0 - SQL Injection via entriesPerPage Parameter
CVSS 9.8
CVE-2022-39323
HIGH
GLPI >=9.1 <10.0.4 - SQL Injection via REST API User Token
CVSS 7.4
CVE-2022-43068
HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-43066
HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-43227
HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43226
HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 8.8
CVE-2022-41551
HIGH
Garage Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities
19,782
Exploit Likelihood
High