CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,800 vulnerabilities with CWE-89
CVE-2022-38250
CRITICAL
Nagios XI 5.8.6 - SQL Injection via MIB Name Parameter
CVSS 9.8
CVE-2022-3130
HIGH
Online Driving School Project - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2022-1807
HIGH
Sophos Firewall < 18.5 - SQL Injection in Webadmin
CVSS 7.2
CVE-2022-37185
HIGH
EMS 6.2 - SQL Injection via School Information Query Interface
CVSS 7.5
CVE-2022-2718
HIGH
JoomSport < 5.2.5 - Authenticated SQL Injection via Orderby Parameter
CVSS 7.2
CVE-2022-2717
HIGH
JoomSport < 5.2.5 - Authenticated SQL Injection via Orderby Parameter
CVSS 7.2
CVE-2022-29058
HIGH
FortiAP 6.0.0-6.4.7, 7.0.0-7.0.3, 7.2.0; FortiAP-S/W2/U - Authenticated OS Command Injection
CVSS 7.8
CVE-2022-3122
MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via Medicine Parameter in medicine_details.php
CVSS 6.3
CVE-2022-3120
HIGH
Clinic's Patient Management System - SQL Injection via Login Index.php User Name Parameter
CVSS 7.3
CVE-2022-3118
HIGH
Sourcecodehero ERP System Project - SQL Injection via User Parameter in Processlogin.php
CVSS 7.3
CVE-2022-36754
HIGH
Expense Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-36636
HIGH
Garage Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-36609
CRITICAL
Clinic's Patient Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-36594
CRITICAL
MyBatis Mapper 4.0.0-4.2.0 - SQL Injection via selectByIds Function
CVSS 9.8
CVE-2022-36759
CRITICAL
Online Food Ordering System 1.0 - SQL Injection via dishes.php res_id Parameter
CVSS 9.8
CVE-2022-2238
MEDIUM
Red Hat Advanced Cluster Management for Kubernetes - Denial of Service via Search Filter Query Parsing
CVSS 6.5
CVE-2022-36676
HIGH
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-36675
HIGH
Simple Task Scheduling System v1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-36674
HIGH
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-36201
CRITICAL
Doctor's Appointment System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-36581
HIGH
Online Ordering System v2.3.2 - SQL Injection
CVSS 7.5
CVE-2022-38812
MEDIUM
AeroCMS 0.1.1 - SQL Injection via Author Parameter
CVSS 6.5
CVE-2022-1552
HIGH
PostgreSQL 10.0-10.20 SQL Injection via Multiple Commands
CVSS 8.8
CVE-2022-36735
CRITICAL
Library Management System 1.0 - SQL Injection via bookId Parameter
CVSS 9.8
CVE-2022-36734
CRITICAL
Library Management System 1.0 - SQL Injection via RollNo Parameter
CVSS 9.8
Details
Vulnerabilities
19,800
Exploit Likelihood
High