CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,800 vulnerabilities with CWE-89
CVE-2022-38250 CRITICAL
Nagios XI 5.8.6 - SQL Injection via MIB Name Parameter
CVSS 9.8
CVE-2022-3130 HIGH
Online Driving School Project - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2022-1807 HIGH
Sophos Firewall < 18.5 - SQL Injection in Webadmin
CVSS 7.2
CVE-2022-37185 HIGH
EMS 6.2 - SQL Injection via School Information Query Interface
CVSS 7.5
CVE-2022-2718 HIGH
JoomSport < 5.2.5 - Authenticated SQL Injection via Orderby Parameter
CVSS 7.2
CVE-2022-2717 HIGH
JoomSport < 5.2.5 - Authenticated SQL Injection via Orderby Parameter
CVSS 7.2
CVE-2022-29058 HIGH
FortiAP 6.0.0-6.4.7, 7.0.0-7.0.3, 7.2.0; FortiAP-S/W2/U - Authenticated OS Command Injection
CVSS 7.8
CVE-2022-3122 MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via Medicine Parameter in medicine_details.php
CVSS 6.3
CVE-2022-3120 HIGH
Clinic's Patient Management System - SQL Injection via Login Index.php User Name Parameter
CVSS 7.3
CVE-2022-3118 HIGH
Sourcecodehero ERP System Project - SQL Injection via User Parameter in Processlogin.php
CVSS 7.3
CVE-2022-36754 HIGH
Expense Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-36636 HIGH
Garage Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-36609 CRITICAL
Clinic's Patient Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-36594 CRITICAL
MyBatis Mapper 4.0.0-4.2.0 - SQL Injection via selectByIds Function
CVSS 9.8
CVE-2022-36759 CRITICAL
Online Food Ordering System 1.0 - SQL Injection via dishes.php res_id Parameter
CVSS 9.8
CVE-2022-2238 MEDIUM
Red Hat Advanced Cluster Management for Kubernetes - Denial of Service via Search Filter Query Parsing
CVSS 6.5
CVE-2022-36676 HIGH
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-36675 HIGH
Simple Task Scheduling System v1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-36674 HIGH
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-36201 CRITICAL
Doctor's Appointment System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-36581 HIGH
Online Ordering System v2.3.2 - SQL Injection
CVSS 7.5
CVE-2022-38812 MEDIUM
AeroCMS 0.1.1 - SQL Injection via Author Parameter
CVSS 6.5
CVE-2022-1552 HIGH
PostgreSQL 10.0-10.20 SQL Injection via Multiple Commands
CVSS 8.8
CVE-2022-36735 CRITICAL
Library Management System 1.0 - SQL Injection via bookId Parameter
CVSS 9.8
CVE-2022-36734 CRITICAL
Library Management System 1.0 - SQL Injection via RollNo Parameter
CVSS 9.8
Details
Vulnerabilities 19,800
Exploit Likelihood High