CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,784 vulnerabilities with CWE-89
CVE-2022-36961
HIGH
SolarWinds Orion Platform < 2022.2.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-41440
HIGH
Billing System Project v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41439
HIGH
Billing System Project v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33880
CRITICAL
Hospital Management System Mini-Project <2018-06-17 - SQL Injection
CVSS 9.8
CVE-2022-40887
CRITICAL
SourceCodester Best Student Result Management System 1.0 - SQL Inje...
CVSS 9.8
CVE-2022-28815
LOW
Carlo Gavazzi UWP3.0 - Multiple, CPY Car Park Server 2.8.3 - SQL In...
CVSS 2.7
CVE-2022-28813
HIGH
Carlo Gavazzi UWP3.0 & CPY Car Park Server <2.8.3 - SQL Injection
CVSS 7.5
CVE-2022-22524
CRITICAL
Carlo Gavazzi UWP3.0 & CPY Car Park Server <2.8.3 - SQL Injection
CVSS 9.4
CVE-2022-41570
CRITICAL
EyesOfNetwork <5.3.11 - SQL Injection
CVSS 9.8
CVE-2022-40877
CRITICAL
Exam Reviewer Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-40354
HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-40353
HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-40352
HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-3323
HIGH
Advantech iView 5.7.04.6469 - SQL Injection
CVSS 7.5
CVE-2022-37209
HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-31367
HIGH
Strapi <3.6.10, <4.1.10 - Info Disclosure
CVSS 8.8
CVE-2022-40099
HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-40098
HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-40097
HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-30004
CRITICAL
Online Market Place Site 1.0 - Unauthenticated Blind SQL Injection via Time-Based Payload
CVSS 9.8
CVE-2022-40043
HIGH
Centreon < 21.04.16 - SQL Injection via Escalation Name Parameter
CVSS 8.8
CVE-2022-40485
CRITICAL
Wedding Planner 1.0 - SQL Injection via id Parameter at package_detail.php
CVSS 9.8
CVE-2022-40484
CRITICAL
Wedding Planner 1.0 - SQL Injection via Booking Parameter
CVSS 9.8
CVE-2022-40483
CRITICAL
Wedding Planner 1.0 - SQL Injection via id Parameter at /wedding_details.php
CVSS 9.8
CVE-2022-40928
HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities
19,784
Exploit Likelihood
High