CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,802 vulnerabilities with CWE-89
CVE-2022-36727
CRITICAL
Library Management System 1.0 - SQL Injection via bookId Parameter
CVSS 9.8
CVE-2022-36725
CRITICAL
Library Management System 1.0 - SQL Injection via M_Id Parameter
CVSS 9.8
CVE-2022-36722
CRITICAL
Library Management System 1.0 - SQL Injection via Title Parameter
CVSS 9.8
CVE-2022-25228
MEDIUM
CandidATS 3.0.0 Beta - Authenticated SQL Injection via userID, candidateID, jobOrderID, or companyID Parameter
CVSS 6.5
CVE-2022-35175
CRITICAL
Barangay Management System 1.0 - SQL Injection via Hidden ID Parameter
CVSS 9.8
CVE-2022-2876
MEDIUM
SourceCodester Student Management System - SQL Injection
CVSS 6.3
CVE-2022-35154
CRITICAL
Shopro Mall System 1.3.8 - SQL Injection via Value Parameter
CVSS 9.8
CVE-2022-35606
CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via CustomerDAO.java customerCode Parameter
CVSS 9.8
CVE-2022-35605
CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via UserDAO.java Parameters
CVSS 9.8
CVE-2022-35603
CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via searchTxt Parameter
CVSS 9.8
CVE-2022-35602
CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via User Parameter
CVSS 9.8
CVE-2022-35601
CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via SupplierDAO.java searchTxt Parameter
CVSS 9.8
CVE-2022-35599
CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via productcode Parameter
CVSS 9.8
CVE-2022-35598
CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2022-35148
MEDIUM
maccms v2021.1000.1081-v2022.1000.3031 - SQL Injection via Table Parameter
CVSS 6.5
CVE-2022-35121
CRITICAL
novel-plus 3.6.1 - SQL Injection via BookServiceImpl Keyword Parameter
CVSS 9.8
CVE-2022-2847
MEDIUM
SourceCodester Guest Management System - SQL Injection
CVSS 6.3
CVE-2022-36242
CRITICAL
Clinic's Patient Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-36599
CRITICAL
Mingsoft MCMS 5.2.8 - SQL Injection
CVSS 9.8
CVE-2022-36272
CRITICAL
Mingsoft MCMS 5.2.8 - SQL Injection
CVSS 9.8
CVE-2022-2812
HIGH
SourceCodester Guest Management System - SQL Injection
CVSS 7.3
CVE-2022-35942
CRITICAL
loopback-connector-postgresql < 5.5.1 - SQL Injection via 'contains' LoopBack Filter
CVSS 9.3
CVE-2022-35956
MEDIUM
update_by_case < 0.1.3 - SQL Injection via Unsanitized Case Statement
CVSS 5.8
CVE-2022-2803
MEDIUM
SourceCodester Zoo Management System - SQL Injection
CVSS 6.3
CVE-2022-2802
HIGH
SourceCodester Gas Agency Management System - SQL Injection
CVSS 7.3
Details
Vulnerabilities
19,802
Exploit Likelihood
High