CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,802 vulnerabilities with CWE-89
CVE-2022-36698 HIGH
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-2957 MEDIUM
Simple and Nice Shopping Cart Script - SQL Injection via mem_id Parameter
CVSS 6.3
CVE-2022-37178 HIGH
72crm 9.0 - SQL Injection in Task Calendar View
CVSS 8.8
CVE-2022-37333 HIGH
Exment < 5.0.3 and laravel-admin < 3.0.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-35115 CRITICAL
IceWarp WebClient DC2 13.0.2.9 - SQL Injection via Search Parameter
CVSS 9.8
CVE-2022-37113 CRITICAL
Bluecms 1.6 - SQL Injection in admin/area.php
CVSS 9.8
CVE-2022-37112 CRITICAL
BlueCMS 1.6 - SQL Injection in admin/model.php
CVSS 9.8
CVE-2022-37111 CRITICAL
BlueCMS 1.6 - SQL Injection in admin/article.php
CVSS 9.8
CVE-2022-36394 HIGH
WordPress Contest Gallery <17.0.4 - SQL Injection
CVSS 7.6
CVE-2022-37223 CRITICAL
JFinal CMS 5.1.0 - SQL Injection via Role List Endpoint
CVSS 9.8
CVE-2022-37199 CRITICAL
JFinal CMS 5.1.0 - SQL Injection via User List Endpoint
CVSS 9.8
CVE-2022-34652 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - SQL Injection via Live Schedules Description Parameter
CVSS 8.8
CVE-2022-33149 HIGH
WWBN AVideo 11.6-dev master - SQL Injection
CVSS 8.8
CVE-2022-33148 HIGH
WWBN AVideo 11.6-dev master - SQL Injection
CVSS 8.8
CVE-2022-33147 HIGH
WWBN AVideo 11.6-dev master - SQL Injection
CVSS 8.8
CVE-2022-2842 HIGH
SourceCodester Gym Management System - SQL Injection
CVSS 7.3
CVE-2022-2593 HIGH
Better Search Replace <1.4.1 - SQL Injection
CVSS 7.2
CVE-2022-25811 HIGH
Transposh WordPress Translation < 1.0.8 - SQL Injection via Order and Orderby Parameters
CVSS 7.2
CVE-2022-36198 CRITICAL
Bus Pass Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-36030 CRITICAL
Project-Nexus - SQL Injection
CVSS 9.8
CVE-2022-36578 CRITICAL
jizhicms v2.3.1 - SQL Injection
CVSS 9.8
CVE-2022-36606 CRITICAL
Ywoa < 6.1 - SQL Injection via /oa/setup/checkPool?database
CVSS 9.8
CVE-2022-36605 CRITICAL
yimihome ywoa 6.1 - SQL Injection via orderby GET Parameter
CVSS 9.8
CVE-2022-36729 CRITICAL
Library Management System 1.0 - SQL Injection via M_Id Parameter
CVSS 9.8
CVE-2022-36728 CRITICAL
Library Management System 1.0 - SQL Injection via RollNo Parameter
CVSS 9.8
Details
Vulnerabilities 19,802
Exploit Likelihood High