CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,802 vulnerabilities with CWE-89
CVE-2022-36727 CRITICAL
Library Management System 1.0 - SQL Injection via bookId Parameter
CVSS 9.8
CVE-2022-36725 CRITICAL
Library Management System 1.0 - SQL Injection via M_Id Parameter
CVSS 9.8
CVE-2022-36722 CRITICAL
Library Management System 1.0 - SQL Injection via Title Parameter
CVSS 9.8
CVE-2022-25228 MEDIUM
CandidATS 3.0.0 Beta - Authenticated SQL Injection via userID, candidateID, jobOrderID, or companyID Parameter
CVSS 6.5
CVE-2022-35175 CRITICAL
Barangay Management System 1.0 - SQL Injection via Hidden ID Parameter
CVSS 9.8
CVE-2022-2876 MEDIUM
SourceCodester Student Management System - SQL Injection
CVSS 6.3
CVE-2022-35154 CRITICAL
Shopro Mall System 1.3.8 - SQL Injection via Value Parameter
CVSS 9.8
CVE-2022-35606 CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via CustomerDAO.java customerCode Parameter
CVSS 9.8
CVE-2022-35605 CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via UserDAO.java Parameters
CVSS 9.8
CVE-2022-35603 CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via searchTxt Parameter
CVSS 9.8
CVE-2022-35602 CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via User Parameter
CVSS 9.8
CVE-2022-35601 CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via SupplierDAO.java searchTxt Parameter
CVSS 9.8
CVE-2022-35599 CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via productcode Parameter
CVSS 9.8
CVE-2022-35598 CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2022-35148 MEDIUM
maccms v2021.1000.1081-v2022.1000.3031 - SQL Injection via Table Parameter
CVSS 6.5
CVE-2022-35121 CRITICAL
novel-plus 3.6.1 - SQL Injection via BookServiceImpl Keyword Parameter
CVSS 9.8
CVE-2022-2847 MEDIUM
SourceCodester Guest Management System - SQL Injection
CVSS 6.3
CVE-2022-36242 CRITICAL
Clinic's Patient Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-36599 CRITICAL
Mingsoft MCMS 5.2.8 - SQL Injection
CVSS 9.8
CVE-2022-36272 CRITICAL
Mingsoft MCMS 5.2.8 - SQL Injection
CVSS 9.8
CVE-2022-2812 HIGH
SourceCodester Guest Management System - SQL Injection
CVSS 7.3
CVE-2022-35942 CRITICAL
loopback-connector-postgresql < 5.5.1 - SQL Injection via 'contains' LoopBack Filter
CVSS 9.3
CVE-2022-35956 MEDIUM
update_by_case < 0.1.3 - SQL Injection via Unsanitized Case Statement
CVSS 5.8
CVE-2022-2803 MEDIUM
SourceCodester Zoo Management System - SQL Injection
CVSS 6.3
CVE-2022-2802 HIGH
SourceCodester Gas Agency Management System - SQL Injection
CVSS 7.3
Details
Vulnerabilities 19,802
Exploit Likelihood High