CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,800 vulnerabilities with CWE-89
CVE-2022-37205 HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-37204 CRITICAL
jfinal_cms 5.1.0 - SQL Injection
CVSS 9.8
CVE-2022-2177 CRITICAL
Kayrasoft < 2 - Unauthenticated SQL Injection
CVSS 9.4
CVE-2022-38509 CRITICAL
Wedding Planner v1.0 - SQL Injection
CVSS 9.8
CVE-2022-38576 HIGH
Interview Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-23767 HIGH
SecureGate - Unauthenticated SQL Injection and Path Traversal via Login and File Transfer
CVSS 8.8
CVE-2022-38618 HIGH
SmartVista SVFE2 v2.2.22 - SQL Injection
CVSS 8.8
CVE-2022-37203 CRITICAL
JFinal CMS 5.1.0 - SQL Injection
CVSS 9.8
CVE-2022-3142 HIGH
NEX-Forms < 7.9.7 - Authenticated SQL Injection via Forms Statistics Chart
CVSS 8.8
CVE-2022-3141 HIGH
TranslatePress < 2.3.3 - Authenticated SQL Injection via Language Addition
CVSS 8.8
CVE-2022-2958 HIGH
BadgeOS < 3.7.1.3 - Authenticated SQL Injection via AJAX Parameters
CVSS 8.8
CVE-2022-2840 CRITICAL
Zephyr Project Manager <3.2.5 - SQL Injection
CVSS 9.8
CVE-2022-2754 CRITICAL
Ketchup Restaurant Reservations < 1.0.0 - Unauthenticated SQL Injection via Reservation Parameters
CVSS 9.8
CVE-2022-38617 HIGH
SmartVista SVFE2 <2.2.22 - SQL Injection
CVSS 8.8
CVE-2022-40766 CRITICAL
Modern Campus Omni CMS 10.2.4 - SQL Injection via Login Page Input
CVSS 9.8
CVE-2022-40300 CRITICAL
ManageEngine Password Manager Pro PAM360 and Access Manager Plus - SQL Injection
CVSS 9.8
CVE-2022-38878 HIGH
School Activity Updates with SMS Notification <1.0 - SQL Injection
CVSS 7.2
CVE-2022-35193 HIGH
TestLink 1.9.20 - SQL Injection via execNavigator.php
CVSS 7.2
CVE-2022-38833 HIGH
School Activity Updates with SMS Notification v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38832 HIGH
School Activity Updates with SMS Notification v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38808 HIGH
yimihome ywoa 6.1 - SQL Injection via exportExcel.do Interface
CVSS 8.8
CVE-2022-26959 CRITICAL
Northstar Club Management <6.3 - SQL Injection
CVSS 10.0
CVE-2022-37201 HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-37207 HIGH
JFinal CMS 5.1.0 - SQL Injection
CVSS 8.8
CVE-2022-38595 HIGH
Church Management System v1.0 - SQL Injection
CVSS 7.2
Details
Vulnerabilities 19,800
Exploit Likelihood High