CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,784 vulnerabilities with CWE-89
CVE-2022-41391
CRITICAL
OcoMon v4.0 - SQL Injection via cod Parameter in showImg.php
CVSS 9.8
CVE-2022-41390
CRITICAL
OcoMon v4.0 - SQL Injection via cod Parameter at download.php
CVSS 9.8
CVE-2022-39303
HIGH
ree6 < 1.7.0 - SQL Injection
CVSS 8.1
CVE-2022-34022
HIGH
ResIOT IOT Platform + LoRaWAN Network Server <4.1.1000114 - SQL Inj...
CVSS 7.2
CVE-2022-37208
HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-3473
MEDIUM
SourceCodester Human Resource Management System - SQL Injection via getstatecity.php ci Parameter
CVSS 6.3
CVE-2022-3472
MEDIUM
SourceCodester Human Resource Management System - SQL Injection via cityedit Parameter
CVSS 6.3
CVE-2022-3471
MEDIUM
SourceCodester Human Resource Management System - SQL Injection via searccity Parameter
CVSS 6.3
CVE-2022-3470
MEDIUM
SourceCodester Human Resource Management System - SQL Injection via getstatecity.php sc Parameter
CVSS 6.3
CVE-2022-41403
CRITICAL
OpenCart 3.x Newsletter Custom Popup - SQL Injection via Email Parameter
CVSS 9.8
CVE-2022-41532
HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41530
HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41408
CRITICAL
Online Pet Shop We App v1.0 - SQL Injection
CVSS 9.8
CVE-2022-41407
HIGH
Online Pet Shop We App v1.0 - SQL Injection
CVSS 7.2
CVE-2022-20351
MEDIUM
Android - SQL Injection in CallLogProvider
CVSS 5.5
CVE-2022-42230
HIGH
Simple Cold Storage Management System 1.0 - SQL Injection via manage_user ID Parameter
CVSS 7.2
CVE-2022-36635
HIGH
ZKteco ZKBioSecurity V5000 4.1.3 - SQL Injection via /baseOpLog.do
CVSS 8.8
CVE-2022-42074
HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via Edit Category ID Parameter
CVSS 7.2
CVE-2022-42073
HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via /diagnostic/editclient.php id Parameter
CVSS 7.2
CVE-2022-41378
HIGH
Online Pet Shop We App v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41377
HIGH
Online Pet Shop We App v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41515
HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41514
HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41513
HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-40872
CRITICAL
Sourcecodester Simple E-Learning System 1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,784
Exploit Likelihood
High