CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,784 vulnerabilities with CWE-89
CVE-2022-41391 CRITICAL
OcoMon v4.0 - SQL Injection via cod Parameter in showImg.php
CVSS 9.8
CVE-2022-41390 CRITICAL
OcoMon v4.0 - SQL Injection via cod Parameter at download.php
CVSS 9.8
CVE-2022-39303 HIGH
ree6 < 1.7.0 - SQL Injection
CVSS 8.1
CVE-2022-34022 HIGH
ResIOT IOT Platform + LoRaWAN Network Server <4.1.1000114 - SQL Inj...
CVSS 7.2
CVE-2022-37208 HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-3473 MEDIUM
SourceCodester Human Resource Management System - SQL Injection via getstatecity.php ci Parameter
CVSS 6.3
CVE-2022-3472 MEDIUM
SourceCodester Human Resource Management System - SQL Injection via cityedit Parameter
CVSS 6.3
CVE-2022-3471 MEDIUM
SourceCodester Human Resource Management System - SQL Injection via searccity Parameter
CVSS 6.3
CVE-2022-3470 MEDIUM
SourceCodester Human Resource Management System - SQL Injection via getstatecity.php sc Parameter
CVSS 6.3
CVE-2022-41403 CRITICAL
OpenCart 3.x Newsletter Custom Popup - SQL Injection via Email Parameter
CVSS 9.8
CVE-2022-41532 HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41530 HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41408 CRITICAL
Online Pet Shop We App v1.0 - SQL Injection
CVSS 9.8
CVE-2022-41407 HIGH
Online Pet Shop We App v1.0 - SQL Injection
CVSS 7.2
CVE-2022-20351 MEDIUM
Android - SQL Injection in CallLogProvider
CVSS 5.5
CVE-2022-42230 HIGH
Simple Cold Storage Management System 1.0 - SQL Injection via manage_user ID Parameter
CVSS 7.2
CVE-2022-36635 HIGH
ZKteco ZKBioSecurity V5000 4.1.3 - SQL Injection via /baseOpLog.do
CVSS 8.8
CVE-2022-42074 HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via Edit Category ID Parameter
CVSS 7.2
CVE-2022-42073 HIGH
Online Diagnostic Lab Management System 1.0 - SQL Injection via /diagnostic/editclient.php id Parameter
CVSS 7.2
CVE-2022-41378 HIGH
Online Pet Shop We App v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41377 HIGH
Online Pet Shop We App v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41515 HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41514 HIGH
Open Source SACCO Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41513 HIGH
Online Diagnostic Lab Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-40872 CRITICAL
Sourcecodester Simple E-Learning System 1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,784
Exploit Likelihood High