CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,800 vulnerabilities with CWE-89
CVE-2022-38594
HIGH
Church Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-35947
CRITICAL
GLPI < 10.0.3 - SQL Injection via External Token Login Simulation
CVSS 10.0
CVE-2022-35946
MEDIUM
GLPI < 10.0.3 - Authenticated SQL Injection via Plugin Controller
CVSS 5.5
CVE-2022-37138
CRITICAL
Loan Management System 1.0 - Unauthenticated SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2022-36669
CRITICAL
Hospital Information System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-38771
CRITICAL
Transtek Mojodat Fixed Asset Management 2.4.6 - SQL Injection
CVSS 9.8
CVE-2022-39817
HIGH
NOKIA 1350 OMS R14.2 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-38637
CRITICAL
Hospital Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-34700
HIGH
Microsoft Dynamics 365 - Remote Code Execution
CVSS 8.8
CVE-2022-38542
CRITICAL
archery 1.4.0-1.8.5 - SQL Injection via ThreadIDs Parameter
CVSS 9.8
CVE-2022-38541
CRITICAL
archery 1.8.3-1.8.5 - SQL Injection via my2sql start_time and stop_time Parameters
CVSS 9.8
CVE-2022-38540
CRITICAL
archery 1.4.0-1.8.5 - SQL Injection via ThreadIDs Parameter
CVSS 9.8
CVE-2022-38539
CRITICAL
archery 1.7.5-1.8.5 - SQL Injection via where Parameter
CVSS 9.8
CVE-2022-38538
CRITICAL
archery 1.7.0-1.8.5 - SQL Injection via Report Module Checksum Parameter
CVSS 9.8
CVE-2022-38537
CRITICAL
archery 1.4.5-1.8.5 - SQL Injection via binlog2sql Interface Parameters
CVSS 9.8
CVE-2022-38616
HIGH
SmartVista SVFE2 <2.2.22 - SQL Injection
CVSS 8.8
CVE-2022-38304
HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38303
HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38302
HIGH
Online Leave Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38610
HIGH
Garage Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38606
HIGH
Garage Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-38605
HIGH
Church Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-36259
HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
CVSS 7.5
CVE-2022-36258
HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
CVSS 7.5
CVE-2022-36257
HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
CVSS 7.5
Details
Vulnerabilities
19,800
Exploit Likelihood
High