CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,784 vulnerabilities with CWE-89
CVE-2022-36961 HIGH
SolarWinds Orion Platform < 2022.2.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-41440 HIGH
Billing System Project v1.0 - SQL Injection
CVSS 7.2
CVE-2022-41439 HIGH
Billing System Project v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33880 CRITICAL
Hospital Management System Mini-Project <2018-06-17 - SQL Injection
CVSS 9.8
CVE-2022-40887 CRITICAL
SourceCodester Best Student Result Management System 1.0 - SQL Inje...
CVSS 9.8
CVE-2022-28815 LOW
Carlo Gavazzi UWP3.0 - Multiple, CPY Car Park Server 2.8.3 - SQL In...
CVSS 2.7
CVE-2022-28813 HIGH
Carlo Gavazzi UWP3.0 & CPY Car Park Server <2.8.3 - SQL Injection
CVSS 7.5
CVE-2022-22524 CRITICAL
Carlo Gavazzi UWP3.0 & CPY Car Park Server <2.8.3 - SQL Injection
CVSS 9.4
CVE-2022-41570 CRITICAL
EyesOfNetwork <5.3.11 - SQL Injection
CVSS 9.8
CVE-2022-40877 CRITICAL
Exam Reviewer Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-40354 HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-40353 HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-40352 HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-3323 HIGH
Advantech iView 5.7.04.6469 - SQL Injection
CVSS 7.5
CVE-2022-37209 HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-31367 HIGH
Strapi <3.6.10, <4.1.10 - Info Disclosure
CVSS 8.8
CVE-2022-40099 HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-40098 HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-40097 HIGH
Online Tours & Travels Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-30004 CRITICAL
Online Market Place Site 1.0 - Unauthenticated Blind SQL Injection via Time-Based Payload
CVSS 9.8
CVE-2022-40043 HIGH
Centreon < 21.04.16 - SQL Injection via Escalation Name Parameter
CVSS 8.8
CVE-2022-40485 CRITICAL
Wedding Planner 1.0 - SQL Injection via id Parameter at package_detail.php
CVSS 9.8
CVE-2022-40484 CRITICAL
Wedding Planner 1.0 - SQL Injection via Booking Parameter
CVSS 9.8
CVE-2022-40483 CRITICAL
Wedding Planner 1.0 - SQL Injection via id Parameter at /wedding_details.php
CVSS 9.8
CVE-2022-40928 HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities 19,784
Exploit Likelihood High