CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,784 vulnerabilities with CWE-89
CVE-2022-3302
HIGH
CleanTalk WordPress <5.185.1 - SQL Injection
CVSS 7.2
CVE-2022-3300
HIGH
The Form Maker <1.15.6 - SQL Injection
CVSS 7.2
CVE-2022-3246
HIGH
Blog2Social <6.9.10 - SQL Injection
CVSS 8.8
CVE-2022-42021
CRITICAL
Best Student Result Management System v1.0 - SQL Injection via notice-details.php nid Parameter
CVSS 9.8
CVE-2022-43023
MEDIUM
OpenCATS 0.9.6 - SQL Injection via Import viewerrors importID Parameter
CVSS 6.5
CVE-2022-43022
MEDIUM
OpenCATS v0.9.6 - SQL Injection via Tag Deletion Function
CVSS 6.5
CVE-2022-43021
MEDIUM
OpenCATS 0.9.6 - SQL Injection via entriesPerPage Variable
CVSS 6.5
CVE-2022-43020
MEDIUM
OpenCATS 0.9.6 - SQL Injection via Tag Update tag_id Variable
CVSS 6.5
CVE-2022-42218
HIGH
Open Source SACCO Management System 1.0 - SQL Injection via manage_loan.php
CVSS 7.2
CVE-2022-3583
HIGH
SourceCodester Canteen Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2022-3579
MEDIUM
SourceCodester Cashier Queuing System 1.0 - SQL Injection
CVSS 6.3
CVE-2022-39056
CRITICAL
RAVA Certificate Validation System - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-3158
HIGH
Rockwell Automation FactoryTalk VantagePoint 8.0-8.31 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-42143
HIGH
Open Source SACCO Management System 1.0 - SQL Injection via manage_payment.php
CVSS 7.2
CVE-2022-42237
CRITICAL
Merchandise Online Store 1.0 - SQL Injection
CVSS 9.8
CVE-2022-41498
HIGH
Billing System Project v1.0 - SQL Injection
CVSS 7.2
CVE-2022-3243
HIGH
Import all XML, CSV & TXT WordPress plugin < 6.5.8 - Authenticated SQL Injection
CVSS 7.2
CVE-2022-3131
HIGH
Search Logger < 0.9 - Authenticated SQL Injection
CVSS 7.2
CVE-2022-41416
HIGH
Online Tours & Travels Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-42232
HIGH
Simple Cold Storage Management System 1.0 - SQL Injection via Master.php Delete Storage Parameter
CVSS 7.2
CVE-2022-42064
CRITICAL
Online Diagnostic Lab Management System 1.0 - SQL Injection and Shell Upload via Login Bypass
CVSS 9.8
CVE-2022-3504
MEDIUM
SourceCodester Sanitization Management System - SQL Injection
CVSS 6.3
CVE-2022-3495
HIGH
Simple Online Public Access Catalog 1.0 - SQL Injection via Admin Login Username/Password
CVSS 7.3
CVE-2022-41536
HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41535
HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities
19,784
Exploit Likelihood
High