CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,782 vulnerabilities with CWE-89
CVE-2022-43362 HIGH
Senayan Library Management System <9.4.2 - SQL Injection
CVSS 7.2
CVE-2022-43331 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43330 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43329 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43328 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-40839 HIGH
NdkAdvancedCustomizationFields <3.5.0 - SQL Injection
CVSS 7.5
CVE-2022-3802 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/rowsInfo Where Parameter
CVSS 6.3
CVE-2022-3801 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/rowsInfo Order Parameter
CVSS 6.3
CVE-2022-3800 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/rowsInfo table_name Parameter
CVSS 6.3
CVE-2022-3799 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/tablesInfo
CVSS 6.3
CVE-2022-3798 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/tablesInfo
CVSS 6.3
CVE-2022-43127 HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43126 HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43125 HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43124 HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43086 MEDIUM
codeastro restaurant_pos_system 1.0 - SQL Injection via update_customer.php
CVSS 4.9
CVE-2022-43081 HIGH
Fast Food Ordering System 1.0 - SQL Injection via Purchase Endpoint
CVSS 7.5
CVE-2022-3789 MEDIUM
Tim Campus Confession Wall - SQL Injection via share.php post_id Parameter
CVSS 5.5
CVE-2022-43355 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43354 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43353 HIGH
Sanitization Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-3059 HIGH
Application <version> - SQL Injection
CVSS 8.6
CVE-2022-42924 HIGH
Formalms < 3.2.1 - SQL Injection
CVSS 7.6
CVE-2022-42923 HIGH
Formalms < 3.2.1 - SQL Injection
CVSS 8.3
CVE-2022-41680 HIGH
Forma LMS <3.1.0 - SQL Injection
CVSS 7.6
Details
Vulnerabilities 19,782
Exploit Likelihood High