CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,784 vulnerabilities with CWE-89
CVE-2022-40026 HIGH
Simple Task Managing System 1.0 - SQL Injection via bookId Parameter
CVSS 7.2
CVE-2022-0495 CRITICAL
Parantez Teknoloji KOHA Library Automation < 19.05.03 - Unauthenticated SQL Injection
CVSS 9.4
CVE-2022-2315 CRITICAL
databank accreditation_tracking/presentation_module < 2 - Unauthenticated SQL Injection
CVSS 9.4
CVE-2022-38619 CRITICAL
SmartVista SVFE2 <2.2.22 - SQL Injection
CVSS 9.8
CVE-2022-23696 HIGH
Aruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-23695 HIGH
Aruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-23694 HIGH
Aruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-23693 HIGH
Aruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-23692 HIGH
ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-37205 HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-37204 CRITICAL
jfinal_cms 5.1.0 - SQL Injection
CVSS 9.8
CVE-2022-2177 CRITICAL
Kayrasoft < 2 - Unauthenticated SQL Injection
CVSS 9.4
CVE-2022-38509 CRITICAL
Wedding Planner v1.0 - SQL Injection
CVSS 9.8
CVE-2022-38576 HIGH
Interview Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-23767 HIGH
SecureGate - Unauthenticated SQL Injection and Path Traversal via Login and File Transfer
CVSS 8.8
CVE-2022-38618 HIGH
SmartVista SVFE2 v2.2.22 - SQL Injection
CVSS 8.8
CVE-2022-37203 CRITICAL
JFinal CMS 5.1.0 - SQL Injection
CVSS 9.8
CVE-2022-3142 HIGH
NEX-Forms < 7.9.7 - Authenticated SQL Injection via Forms Statistics Chart
CVSS 8.8
CVE-2022-3141 HIGH
TranslatePress < 2.3.3 - Authenticated SQL Injection via Language Addition
CVSS 8.8
CVE-2022-2958 HIGH
BadgeOS < 3.7.1.3 - Authenticated SQL Injection via AJAX Parameters
CVSS 8.8
CVE-2022-2840 CRITICAL
Zephyr Project Manager <3.2.5 - SQL Injection
CVSS 9.8
CVE-2022-2754 CRITICAL
Ketchup Restaurant Reservations < 1.0.0 - Unauthenticated SQL Injection via Reservation Parameters
CVSS 9.8
CVE-2022-38617 HIGH
SmartVista SVFE2 <2.2.22 - SQL Injection
CVSS 8.8
CVE-2022-40766 CRITICAL
Modern Campus Omni CMS 10.2.4 - SQL Injection via Login Page Input
CVSS 9.8
CVE-2022-40300 CRITICAL
ManageEngine Password Manager Pro PAM360 and Access Manager Plus - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,784
Exploit Likelihood High