CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,802 vulnerabilities with CWE-89
CVE-2022-2801 MEDIUM
SourceCodester Automated Beer Parlour Billing System - SQL Injection
CVSS 6.3
CVE-2022-2797 MEDIUM
SourceCodester Student Information System - SQL Injection via view_student.php id Parameter
CVSS 6.3
CVE-2022-20280 LOW
Android 13 - SQL Injection in MMSProvider
CVSS 3.3
CVE-2022-2774 MEDIUM
SourceCodester Library Management System - SQL Injection via librarian/student.php title Parameter
CVSS 6.3
CVE-2022-2772 MEDIUM
Apartment Visitor Management System - SQL Injection via editid/remark Parameter
CVSS 6.3
CVE-2022-2771 MEDIUM
Simple Online Book Store System - SQL Injection via bookisbn Parameter
CVSS 6.3
CVE-2022-2770 MEDIUM
Simple Online Book Store System - SQL Injection via bookisbn Parameter
CVSS 6.3
CVE-2022-2766 HIGH
SourceCodester Loan Management System - SQL Injection via Password Parameter
CVSS 7.3
CVE-2022-2747 MEDIUM
Simple Online Book Store System - SQL Injection via book_isbn Parameter
CVSS 6.3
CVE-2022-2745 MEDIUM
Gym Management System - SQL Injection via Add New Trainer trainer_name Parameter
CVSS 6.3
CVE-2022-38130 CRITICAL
com.keysight.tentacle.config.ResourceManager - Path Traversal
CVSS 9.8
CVE-2022-36750 CRITICAL
Clinic's Patient Management System 1.0 - SQL Injection via Update User ID Parameter
CVSS 9.8
CVE-2022-2728 MEDIUM
Gym Management System - SQL Injection via edit_tran Parameter
CVSS 6.3
CVE-2022-2727 MEDIUM
Gym Management System - SQL Injection via admin_email/admin_pass Parameters
CVSS 6.3
CVE-2022-2726 MEDIUM
SEMCMS - SQL Injection via DID Argument in Ant_Check.php
CVSS 6.3
CVE-2022-2724 MEDIUM
SourceCodester Employee Management System - SQL Injection via mailuid Parameter in aprocess.php
CVSS 6.3
CVE-2022-2723 MEDIUM
Employee Management System - SQL Injection via eprocess.php mailuid/pwd Parameter
CVSS 6.3
CVE-2022-2722 MEDIUM
Simple Student Information System - SQL Injection via manage_course.php id Parameter
CVSS 6.3
CVE-2022-2715 MEDIUM
SourceCodester Employee Management System - SQL Injection via eloginwel.php id Parameter
CVSS 6.3
CVE-2022-2269 CRITICAL
Website File Changes Monitor < 1.8.3 - Authenticated SQL Injection via Unsanitized User Input
CVSS 9.8
CVE-2022-2708 MEDIUM
Gym Management System - SQL Injection via login.php user_login Parameter
CVSS 5.5
CVE-2022-2707 MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via faculty Parameter in faculty_sched.php
CVSS 6.3
CVE-2022-2706 MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via class Parameter in class_sched.php
CVSS 6.3
CVE-2022-2705 MEDIUM
Simple Student Information System - SQL Injection via manage_department.php id Parameter
CVSS 6.3
CVE-2022-2703 MEDIUM
Gym Management System - SQL Injection via Exercises Module
CVSS 6.3
Details
Vulnerabilities 19,802
Exploit Likelihood High