CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,784 vulnerabilities with CWE-89
CVE-2022-3302 HIGH
CleanTalk WordPress <5.185.1 - SQL Injection
CVSS 7.2
CVE-2022-3300 HIGH
The Form Maker <1.15.6 - SQL Injection
CVSS 7.2
CVE-2022-3246 HIGH
Blog2Social <6.9.10 - SQL Injection
CVSS 8.8
CVE-2022-42021 CRITICAL
Best Student Result Management System v1.0 - SQL Injection via notice-details.php nid Parameter
CVSS 9.8
CVE-2022-43023 MEDIUM
OpenCATS 0.9.6 - SQL Injection via Import viewerrors importID Parameter
CVSS 6.5
CVE-2022-43022 MEDIUM
OpenCATS v0.9.6 - SQL Injection via Tag Deletion Function
CVSS 6.5
CVE-2022-43021 MEDIUM
OpenCATS 0.9.6 - SQL Injection via entriesPerPage Variable
CVSS 6.5
CVE-2022-43020 MEDIUM
OpenCATS 0.9.6 - SQL Injection via Tag Update tag_id Variable
CVSS 6.5
CVE-2022-42218 HIGH
Open Source SACCO Management System 1.0 - SQL Injection via manage_loan.php
CVSS 7.2
CVE-2022-3583 HIGH
SourceCodester Canteen Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2022-3579 MEDIUM
SourceCodester Cashier Queuing System 1.0 - SQL Injection
CVSS 6.3
CVE-2022-39056 CRITICAL
RAVA Certificate Validation System - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-3158 HIGH
Rockwell Automation FactoryTalk VantagePoint 8.0-8.31 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-42143 HIGH
Open Source SACCO Management System 1.0 - SQL Injection via manage_payment.php
CVSS 7.2
CVE-2022-42237 CRITICAL
Merchandise Online Store 1.0 - SQL Injection
CVSS 9.8
CVE-2022-41498 HIGH
Billing System Project v1.0 - SQL Injection
CVSS 7.2
CVE-2022-3243 HIGH
Import all XML, CSV & TXT WordPress plugin < 6.5.8 - Authenticated SQL Injection
CVSS 7.2
CVE-2022-3131 HIGH
Search Logger < 0.9 - Authenticated SQL Injection
CVSS 7.2
CVE-2022-41416 HIGH
Online Tours & Travels Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-42232 HIGH
Simple Cold Storage Management System 1.0 - SQL Injection via Master.php Delete Storage Parameter
CVSS 7.2
CVE-2022-42064 CRITICAL
Online Diagnostic Lab Management System 1.0 - SQL Injection and Shell Upload via Login Bypass
CVSS 9.8
CVE-2022-3504 MEDIUM
SourceCodester Sanitization Management System - SQL Injection
CVSS 6.3
CVE-2022-3495 HIGH
Simple Online Public Access Catalog 1.0 - SQL Injection via Admin Login Username/Password
CVSS 7.3
CVE-2022-41536 HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41535 HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities 19,784
Exploit Likelihood High