CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,801 vulnerabilities with CWE-89
CVE-2022-36544 CRITICAL
Edoc-doctor-appointment-system v1.0.1 - SQL Injection
CVSS 9.8
CVE-2022-36543 CRITICAL
Edoc-doctor-appointment-system v1.0.1 - SQL Injection
CVSS 9.8
CVE-2022-36529 HIGH
Kensite CMS v1.0 - SQL Injection via name and oldname Parameters
CVSS 8.8
CVE-2022-37152 CRITICAL
Online Diagnostic Lab Management System 1.0 - SQL Injection via dob Parameter
CVSS 9.8
CVE-2022-36683 CRITICAL
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36682 CRITICAL
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36681 CRITICAL
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36680 CRITICAL
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36679 CRITICAL
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36678 CRITICAL
Simple Task Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36721 HIGH
Library Management System 1.0 - SQL Injection via Textbook Parameter
CVSS 8.8
CVE-2022-36720 HIGH
Library Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-36719 CRITICAL
Library Management System 1.0 - SQL Injection via ok Parameter
CVSS 9.8
CVE-2022-36716 CRITICAL
Library Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36715 CRITICAL
Library Management System 1.0 - SQL Injection via Name Parameter
CVSS 9.8
CVE-2022-36697 CRITICAL
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36696 CRITICAL
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36695 CRITICAL
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36693 CRITICAL
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36692 CRITICAL
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-36703 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-36701 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-36700 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-36699 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-36698 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
Details
Vulnerabilities 19,801
Exploit Likelihood High