CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,801 vulnerabilities with CWE-89
CVE-2022-36734 CRITICAL
Library Management System 1.0 - SQL Injection via RollNo Parameter
CVSS 9.8
CVE-2022-36733 CRITICAL
Library Management System 1.0 - SQL Injection via M_Id Parameter
CVSS 9.8
CVE-2022-36732 CRITICAL
Library Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36731 CRITICAL
Library Management System 1.0 - SQL Injection via RollNo Parameter
CVSS 9.8
CVE-2022-36730 CRITICAL
Library Management System v1.0 - SQL Injection via bookId Parameter
CVSS 9.8
CVE-2022-38118 HIGH
OAKlouds Portal 2.0-<2.0-163 - Authenticated SQL Injection via Meeting Room Input
CVSS 8.8
CVE-2022-36714 CRITICAL
Library Management System 1.0 - SQL Injection via Section Parameter
CVSS 9.8
CVE-2022-36713 CRITICAL
Library Management System 1.0 - SQL Injection via Section Parameter
CVSS 9.8
CVE-2022-36712 CRITICAL
Library Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36711 CRITICAL
Library Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36709 CRITICAL
Library Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-2559 HIGH
Fluent Support WP <1.5.8 - SQL Injection
CVSS 7.2
CVE-2022-1123 HIGH
Leaflet Maps Marker < 3.12.5 - Authenticated SQL Injection
CVSS 7.2
CVE-2022-36690 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-36689 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via Month Parameter
CVSS 8.8
CVE-2022-36688 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via Month Parameter
CVSS 8.8
CVE-2022-36686 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via Month Parameter
CVSS 8.8
CVE-2022-22897 CRITICAL
ApolloTheme AP PageBuilder <= 2.4.4 - Unauthenticated SQL Injection via product_all_one_img and image_product Parameters
CVSS 9.8
CVE-2022-36708 CRITICAL
Library Management System 1.0 - SQL Injection via Id Parameter
CVSS 9.8
CVE-2022-36706 CRITICAL
Ingredients Stock Management System 1.0 - SQL Injection via Id Parameter
CVSS 9.8
CVE-2022-36705 CRITICAL
Ingredients Stock Management System 1.0 - SQL Injection via Id Parameter
CVSS 9.8
CVE-2022-36704 HIGH
Library Management System 1.0 - SQL Injection via Id Parameter
CVSS 8.8
CVE-2022-3013 MEDIUM
SourceCodester Simple Task Managing System - SQL Injection
CVSS 6.3
CVE-2022-3012 MEDIUM
oretnom23 Fast Food Ordering System - SQL Injection
CVSS 6.3
CVE-2022-36545 CRITICAL
Edoc-doctor-appointment-system v1.0.1 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,801
Exploit Likelihood High