CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,784 vulnerabilities with CWE-89
CVE-2022-40835 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40834 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40833 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40832 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40831 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40830 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40829 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40828 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40827 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40826 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40825 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-40824 CRITICAL
B.C. Institute of Technology CodeIgniter <=3.1.13 - SQL Injection
CVSS 9.8
CVE-2022-41355 HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-42250 HIGH
Simple Cold Storage Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-42249 HIGH
Simple Cold Storage Management System 1.0 - SQL Injection via view_storage.php id Parameter
CVSS 7.2
CVE-2022-42243 HIGH
simple_cold_storage_management_system 1.0 - SQL Injection via manage_storage.php id Parameter
CVSS 7.2
CVE-2022-42242 HIGH
Simple Cold Storage Management System 1.0 - SQL Injection via Master.php delete_booking Parameter
CVSS 7.2
CVE-2022-42241 HIGH
simple_cold_storage_management_system 1.0 - SQL Injection via delete_message Parameter
CVSS 7.2
CVE-2022-42304 HIGH
Veritas NetBackup < 10.0 - SQL Injection in idm, nbars, and SLP Manager
CVSS 8.0
CVE-2022-42303 HIGH
Veritas NetBackup < 10.0 - SQL Injection via NBFSMCLIENT Service
CVSS 8.0
CVE-2022-42302 CRITICAL
Veritas NetBackup < 10.0 - SQL Injection via NBFSMCLIENT Service
CVSS 9.0
CVE-2022-40943 CRITICAL
Dairy Farm Shop Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-35156 CRITICAL
Bus Pass Management System 1.0 - SQL Injection via Searchdata Parameter
CVSS 9.8
CVE-2022-40944 CRITICAL
Dairy Farm Shop Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-40315 CRITICAL
moodle 3.9.0-3.9.16 - SQL Injection in User Browse Page
CVSS 9.8
Details
Vulnerabilities 19,784
Exploit Likelihood High