CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,782 vulnerabilities with CWE-89
CVE-2022-3254 CRITICAL
WordPress Classifieds Plugin <4.3 - SQL Injection
CVSS 9.8
CVE-2022-43233 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43232 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43230 HIGH
Simple Cold Storage Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43229 HIGH
Simple Cold Storage Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43228 HIGH
Barangay Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43168 CRITICAL
Rukovoditel 3.2.1 - SQL Injection via reports_id Parameter
CVSS 9.8
CVE-2022-43276 HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-3732 MEDIUM
ehoney - SQL Injection via /api/v1/bait/set Payload Parameter
CVSS 6.3
CVE-2022-3729 MEDIUM
ehoney - SQL Injection via AttackIP Parameter
CVSS 6.3
CVE-2022-41773 HIGH
DIAEnergie <1.9.01.002 - SQL Injection
CVSS 8.8
CVE-2022-41133 HIGH
DIAEnergie <1.9.01.002 - SQL Injection
CVSS 8.8
CVE-2022-40967 HIGH
DIAEnergie <1.9.01.002 - SQL Injection
CVSS 8.8
CVE-2022-39976 CRITICAL
School Activity Updates with SMS Notification 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-3714 MEDIUM
SourceCodester Online Medicine Ordering System 1.0 - SQL Injection via admin/?page=orders/view_order id Parameter
CVSS 5.0
CVE-2022-43775 CRITICAL
Delta Electronics DIAEnergy <1.9 - SQL Injection
CVSS 9.8
CVE-2022-43774 CRITICAL
Delta Electronics DIAEnergy <1.9 - SQL Injection
CVSS 9.8
CVE-2022-37202 HIGH
jfinal_cms 5.1.0 - SQL Injection via /admin/advicefeedback/list
CVSS 8.8
CVE-2022-3671 MEDIUM
SourceCodester eLearning System 1.0 - SQL Injection via /admin/students/manage.php id Parameter
CVSS 6.3
CVE-2022-2422 CRITICAL
feathers-sequelize 6.0.0-6.3.3 - SQL Injection
CVSS 10.0
CVE-2022-2421 CRITICAL
socket.io-parser < 3.3.3 and 4.0.0-4.0.5 - SQL Injection via Attachment Parsing
CVSS 10.0
CVE-2022-29822 CRITICAL
feathers-sequelize 6.0.0-6.3.3 - SQL Injection via Improper Parameter Filtering
CVSS 10.0
CVE-2022-3395 HIGH
WP All Export Pro <1.7.9 - SQL Injection
CVSS 8.8
CVE-2022-3302 HIGH
CleanTalk WordPress <5.185.1 - SQL Injection
CVSS 7.2
CVE-2022-3300 HIGH
The Form Maker <1.15.6 - SQL Injection
CVSS 7.2
Details
Vulnerabilities 19,782
Exploit Likelihood High