CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,802 vulnerabilities with CWE-89
CVE-2022-36698
HIGH
Ingredients Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-2957
MEDIUM
Simple and Nice Shopping Cart Script - SQL Injection via mem_id Parameter
CVSS 6.3
CVE-2022-37178
HIGH
72crm 9.0 - SQL Injection in Task Calendar View
CVSS 8.8
CVE-2022-37333
HIGH
Exment < 5.0.3 and laravel-admin < 3.0.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-35115
CRITICAL
IceWarp WebClient DC2 13.0.2.9 - SQL Injection via Search Parameter
CVSS 9.8
CVE-2022-37113
CRITICAL
Bluecms 1.6 - SQL Injection in admin/area.php
CVSS 9.8
CVE-2022-37112
CRITICAL
BlueCMS 1.6 - SQL Injection in admin/model.php
CVSS 9.8
CVE-2022-37111
CRITICAL
BlueCMS 1.6 - SQL Injection in admin/article.php
CVSS 9.8
CVE-2022-36394
HIGH
WordPress Contest Gallery <17.0.4 - SQL Injection
CVSS 7.6
CVE-2022-37223
CRITICAL
JFinal CMS 5.1.0 - SQL Injection via Role List Endpoint
CVSS 9.8
CVE-2022-37199
CRITICAL
JFinal CMS 5.1.0 - SQL Injection via User List Endpoint
CVSS 9.8
CVE-2022-34652
HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - SQL Injection via Live Schedules Description Parameter
CVSS 8.8
CVE-2022-33149
HIGH
WWBN AVideo 11.6-dev master - SQL Injection
CVSS 8.8
CVE-2022-33148
HIGH
WWBN AVideo 11.6-dev master - SQL Injection
CVSS 8.8
CVE-2022-33147
HIGH
WWBN AVideo 11.6-dev master - SQL Injection
CVSS 8.8
CVE-2022-2842
HIGH
SourceCodester Gym Management System - SQL Injection
CVSS 7.3
CVE-2022-2593
HIGH
Better Search Replace <1.4.1 - SQL Injection
CVSS 7.2
CVE-2022-25811
HIGH
Transposh WordPress Translation < 1.0.8 - SQL Injection via Order and Orderby Parameters
CVSS 7.2
CVE-2022-36198
CRITICAL
Bus Pass Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-36030
CRITICAL
Project-Nexus - SQL Injection
CVSS 9.8
CVE-2022-36578
CRITICAL
jizhicms v2.3.1 - SQL Injection
CVSS 9.8
CVE-2022-36606
CRITICAL
Ywoa < 6.1 - SQL Injection via /oa/setup/checkPool?database
CVSS 9.8
CVE-2022-36605
CRITICAL
yimihome ywoa 6.1 - SQL Injection via orderby GET Parameter
CVSS 9.8
CVE-2022-36729
CRITICAL
Library Management System 1.0 - SQL Injection via M_Id Parameter
CVSS 9.8
CVE-2022-36728
CRITICAL
Library Management System 1.0 - SQL Injection via RollNo Parameter
CVSS 9.8
Details
Vulnerabilities
19,802
Exploit Likelihood
High