CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,802 vulnerabilities with CWE-89
CVE-2022-2700
MEDIUM
Gym Management System - SQL Injection via Day Parameter
CVSS 4.7
CVE-2022-2699
MEDIUM
Simple E-Learning System - SQL Injection via phoneNumber Parameter
CVSS 6.3
CVE-2022-2698
MEDIUM
Simple E-Learning System - SQL Injection via searchPost Parameter
CVSS 6.3
CVE-2022-2697
MEDIUM
SourceCodester Simple E-Learning System - SQL Injection via comment_frame.php post_id Parameter
CVSS 6.3
CVE-2022-2693
MEDIUM
Electronic Medical Records System - SQL Injection via pconsultation Parameter in register.php
CVSS 6.3
CVE-2022-2688
MEDIUM
Expense Management System - SQL Injection via report.php POST Parameter Handler
CVSS 6.3
CVE-2022-2687
MEDIUM
Gym Management System - SQL Injection via user_pass Parameter
CVSS 6.3
CVE-2022-2680
MEDIUM
SourceCodester Church Management System 1.0 - SQL Injection via login.php Username Parameter
CVSS 6.3
CVE-2022-2679
MEDIUM
Interview Management System 1.0 - SQL Injection via viewReport.php id Parameter
CVSS 6.3
CVE-2022-2677
MEDIUM
Apartment Visitor Management System 1.0 - SQL Injection via Username Parameter
CVSS 6.3
CVE-2022-2676
MEDIUM
Electronic Medical Records System - SQL Injection via user_email Parameter
CVSS 6.3
CVE-2022-36839
MEDIUM
Samsung Checkout < 5.0.53.1 - SQL Injection via IAPService
CVSS 5.9
CVE-2022-31659
HIGH
VMware Workspace ONE Access and Identity Manager - Remote Code Execution
CVSS 7.2
CVE-2022-2674
HIGH
Best Fee Management System - SQL Injection via admin_class.php Login Function
CVSS 7.3
CVE-2022-2673
MEDIUM
Rigatur Online Booking and Hotel Management System aff6409 - SQL Injection via login.php Email/Pass Parameters
CVSS 6.3
CVE-2022-2672
MEDIUM
SourceCodester Garage Management System - SQL Injection
CVSS 6.3
CVE-2022-2671
MEDIUM
SourceCodester Garage Management System - SQL Injection
CVSS 6.3
CVE-2022-2667
MEDIUM
SourceCodester Loan Management System - SQL Injection
CVSS 6.3
CVE-2022-2665
MEDIUM
SourceCodester Simple E-Learning System - SQL Injection
CVSS 6.3
CVE-2022-2656
MEDIUM
SourceCodester Multi Language Hotel Management Software - SQL Injec...
CVSS 6.3
CVE-2022-32964
CRITICAL
OMICARD EDM >=5.8 <6.0 - Unauthenticated SQL Injection via API Function
CVSS 9.8
CVE-2022-2648
MEDIUM
Multi Language Hotel Management Software - SQL Injection via room_id Parameter
CVSS 6.3
CVE-2022-2644
MEDIUM
SourceCodester Online Admission System - SQL Injection
CVSS 5.5
CVE-2022-2643
MEDIUM
SourceCodester Online Admission System - SQL Injection
CVSS 6.3
CVE-2022-31197
HIGH
PostgreSQL JDBC Driver - SQL Injection
CVSS 7.1
Details
Vulnerabilities
19,802
Exploit Likelihood
High