CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,802 vulnerabilities with CWE-89
CVE-2022-2700 MEDIUM
Gym Management System - SQL Injection via Day Parameter
CVSS 4.7
CVE-2022-2699 MEDIUM
Simple E-Learning System - SQL Injection via phoneNumber Parameter
CVSS 6.3
CVE-2022-2698 MEDIUM
Simple E-Learning System - SQL Injection via searchPost Parameter
CVSS 6.3
CVE-2022-2697 MEDIUM
SourceCodester Simple E-Learning System - SQL Injection via comment_frame.php post_id Parameter
CVSS 6.3
CVE-2022-2693 MEDIUM
Electronic Medical Records System - SQL Injection via pconsultation Parameter in register.php
CVSS 6.3
CVE-2022-2688 MEDIUM
Expense Management System - SQL Injection via report.php POST Parameter Handler
CVSS 6.3
CVE-2022-2687 MEDIUM
Gym Management System - SQL Injection via user_pass Parameter
CVSS 6.3
CVE-2022-2680 MEDIUM
SourceCodester Church Management System 1.0 - SQL Injection via login.php Username Parameter
CVSS 6.3
CVE-2022-2679 MEDIUM
Interview Management System 1.0 - SQL Injection via viewReport.php id Parameter
CVSS 6.3
CVE-2022-2677 MEDIUM
Apartment Visitor Management System 1.0 - SQL Injection via Username Parameter
CVSS 6.3
CVE-2022-2676 MEDIUM
Electronic Medical Records System - SQL Injection via user_email Parameter
CVSS 6.3
CVE-2022-36839 MEDIUM
Samsung Checkout < 5.0.53.1 - SQL Injection via IAPService
CVSS 5.9
CVE-2022-31659 HIGH
VMware Workspace ONE Access and Identity Manager - Remote Code Execution
CVSS 7.2
CVE-2022-2674 HIGH
Best Fee Management System - SQL Injection via admin_class.php Login Function
CVSS 7.3
CVE-2022-2673 MEDIUM
Rigatur Online Booking and Hotel Management System aff6409 - SQL Injection via login.php Email/Pass Parameters
CVSS 6.3
CVE-2022-2672 MEDIUM
SourceCodester Garage Management System - SQL Injection
CVSS 6.3
CVE-2022-2671 MEDIUM
SourceCodester Garage Management System - SQL Injection
CVSS 6.3
CVE-2022-2667 MEDIUM
SourceCodester Loan Management System - SQL Injection
CVSS 6.3
CVE-2022-2665 MEDIUM
SourceCodester Simple E-Learning System - SQL Injection
CVSS 6.3
CVE-2022-2656 MEDIUM
SourceCodester Multi Language Hotel Management Software - SQL Injec...
CVSS 6.3
CVE-2022-32964 CRITICAL
OMICARD EDM >=5.8 <6.0 - Unauthenticated SQL Injection via API Function
CVSS 9.8
CVE-2022-2648 MEDIUM
Multi Language Hotel Management Software - SQL Injection via room_id Parameter
CVSS 6.3
CVE-2022-2644 MEDIUM
SourceCodester Online Admission System - SQL Injection
CVSS 5.5
CVE-2022-2643 MEDIUM
SourceCodester Online Admission System - SQL Injection
CVSS 6.3
CVE-2022-31197 HIGH
PostgreSQL JDBC Driver - SQL Injection
CVSS 7.1
Details
Vulnerabilities 19,802
Exploit Likelihood High