CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,800 vulnerabilities with CWE-89
CVE-2022-38594 HIGH
Church Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-35947 CRITICAL
GLPI < 10.0.3 - SQL Injection via External Token Login Simulation
CVSS 10.0
CVE-2022-35946 MEDIUM
GLPI < 10.0.3 - Authenticated SQL Injection via Plugin Controller
CVSS 5.5
CVE-2022-37138 CRITICAL
Loan Management System 1.0 - Unauthenticated SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2022-36669 CRITICAL
Hospital Information System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-38771 CRITICAL
Transtek Mojodat Fixed Asset Management 2.4.6 - SQL Injection
CVSS 9.8
CVE-2022-39817 HIGH
NOKIA 1350 OMS R14.2 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-38637 CRITICAL
Hospital Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-34700 HIGH
Microsoft Dynamics 365 - Remote Code Execution
CVSS 8.8
CVE-2022-38542 CRITICAL
archery 1.4.0-1.8.5 - SQL Injection via ThreadIDs Parameter
CVSS 9.8
CVE-2022-38541 CRITICAL
archery 1.8.3-1.8.5 - SQL Injection via my2sql start_time and stop_time Parameters
CVSS 9.8
CVE-2022-38540 CRITICAL
archery 1.4.0-1.8.5 - SQL Injection via ThreadIDs Parameter
CVSS 9.8
CVE-2022-38539 CRITICAL
archery 1.7.5-1.8.5 - SQL Injection via where Parameter
CVSS 9.8
CVE-2022-38538 CRITICAL
archery 1.7.0-1.8.5 - SQL Injection via Report Module Checksum Parameter
CVSS 9.8
CVE-2022-38537 CRITICAL
archery 1.4.5-1.8.5 - SQL Injection via binlog2sql Interface Parameters
CVSS 9.8
CVE-2022-38616 HIGH
SmartVista SVFE2 <2.2.22 - SQL Injection
CVSS 8.8
CVE-2022-38304 HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38303 HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38302 HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38610 HIGH
Garage Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38606 HIGH
Garage Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38605 HIGH
Church Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-36259 HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
CVSS 7.5
CVE-2022-36258 HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
CVSS 7.5
CVE-2022-36257 HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
CVSS 7.5
Details
Vulnerabilities 19,800
Exploit Likelihood High