CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,800 vulnerabilities with CWE-89
CVE-2022-37205
HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-37204
CRITICAL
jfinal_cms 5.1.0 - SQL Injection
CVSS 9.8
CVE-2022-2177
CRITICAL
Kayrasoft < 2 - Unauthenticated SQL Injection
CVSS 9.4
CVE-2022-38509
CRITICAL
Wedding Planner v1.0 - SQL Injection
CVSS 9.8
CVE-2022-38576
HIGH
Interview Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-23767
HIGH
SecureGate - Unauthenticated SQL Injection and Path Traversal via Login and File Transfer
CVSS 8.8
CVE-2022-38618
HIGH
SmartVista SVFE2 v2.2.22 - SQL Injection
CVSS 8.8
CVE-2022-37203
CRITICAL
JFinal CMS 5.1.0 - SQL Injection
CVSS 9.8
CVE-2022-3142
HIGH
NEX-Forms < 7.9.7 - Authenticated SQL Injection via Forms Statistics Chart
CVSS 8.8
CVE-2022-3141
HIGH
TranslatePress < 2.3.3 - Authenticated SQL Injection via Language Addition
CVSS 8.8
CVE-2022-2958
HIGH
BadgeOS < 3.7.1.3 - Authenticated SQL Injection via AJAX Parameters
CVSS 8.8
CVE-2022-2840
CRITICAL
Zephyr Project Manager <3.2.5 - SQL Injection
CVSS 9.8
CVE-2022-2754
CRITICAL
Ketchup Restaurant Reservations < 1.0.0 - Unauthenticated SQL Injection via Reservation Parameters
CVSS 9.8
CVE-2022-38617
HIGH
SmartVista SVFE2 <2.2.22 - SQL Injection
CVSS 8.8
CVE-2022-40766
CRITICAL
Modern Campus Omni CMS 10.2.4 - SQL Injection via Login Page Input
CVSS 9.8
CVE-2022-40300
CRITICAL
ManageEngine Password Manager Pro PAM360 and Access Manager Plus - SQL Injection
CVSS 9.8
CVE-2022-38878
HIGH
School Activity Updates with SMS Notification <1.0 - SQL Injection
CVSS 7.2
CVE-2022-35193
HIGH
TestLink 1.9.20 - SQL Injection via execNavigator.php
CVSS 7.2
CVE-2022-38833
HIGH
School Activity Updates with SMS Notification v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38832
HIGH
School Activity Updates with SMS Notification v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38808
HIGH
yimihome ywoa 6.1 - SQL Injection via exportExcel.do Interface
CVSS 8.8
CVE-2022-26959
CRITICAL
Northstar Club Management <6.3 - SQL Injection
CVSS 10.0
CVE-2022-37201
HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-37207
HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-38595
HIGH
Church Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities
19,800
Exploit Likelihood
High