CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,782 vulnerabilities with CWE-89
CVE-2022-3254
CRITICAL
WordPress Classifieds Plugin <4.3 - SQL Injection
CVSS 9.8
CVE-2022-43233
HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43232
HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43230
HIGH
Simple Cold Storage Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43229
HIGH
Simple Cold Storage Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43228
HIGH
Barangay Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-43168
CRITICAL
Rukovoditel 3.2.1 - SQL Injection via reports_id Parameter
CVSS 9.8
CVE-2022-43276
HIGH
Canteen Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-3732
MEDIUM
ehoney - SQL Injection via /api/v1/bait/set Payload Parameter
CVSS 6.3
CVE-2022-3729
MEDIUM
ehoney - SQL Injection via AttackIP Parameter
CVSS 6.3
CVE-2022-41773
HIGH
DIAEnergie <1.9.01.002 - SQL Injection
CVSS 8.8
CVE-2022-41133
HIGH
DIAEnergie <1.9.01.002 - SQL Injection
CVSS 8.8
CVE-2022-40967
HIGH
DIAEnergie <1.9.01.002 - SQL Injection
CVSS 8.8
CVE-2022-39976
CRITICAL
School Activity Updates with SMS Notification 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-3714
MEDIUM
SourceCodester Online Medicine Ordering System 1.0 - SQL Injection via admin/?page=orders/view_order id Parameter
CVSS 5.0
CVE-2022-43775
CRITICAL
Delta Electronics DIAEnergy <1.9 - SQL Injection
CVSS 9.8
CVE-2022-43774
CRITICAL
Delta Electronics DIAEnergy <1.9 - SQL Injection
CVSS 9.8
CVE-2022-37202
HIGH
jfinal_cms 5.1.0 - SQL Injection via /admin/advicefeedback/list
CVSS 8.8
CVE-2022-3671
MEDIUM
SourceCodester eLearning System 1.0 - SQL Injection via /admin/students/manage.php id Parameter
CVSS 6.3
CVE-2022-2422
CRITICAL
feathers-sequelize 6.0.0-6.3.3 - SQL Injection
CVSS 10.0
CVE-2022-2421
CRITICAL
socket.io-parser < 3.3.3 and 4.0.0-4.0.5 - SQL Injection via Attachment Parsing
CVSS 10.0
CVE-2022-29822
CRITICAL
feathers-sequelize 6.0.0-6.3.3 - SQL Injection via Improper Parameter Filtering
CVSS 10.0
CVE-2022-3395
HIGH
WP All Export Pro <1.7.9 - SQL Injection
CVSS 8.8
CVE-2022-3302
HIGH
CleanTalk WordPress <5.185.1 - SQL Injection
CVSS 7.2
CVE-2022-3300
HIGH
The Form Maker <1.15.6 - SQL Injection
CVSS 7.2
Details
Vulnerabilities
19,782
Exploit Likelihood
High