CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,806 vulnerabilities with CWE-89
CVE-2022-31181
CRITICAL
PrestaShop <1.7.8.7 - SQL Injection
CVSS 9.8
CVE-2022-1950
CRITICAL
Youzify WordPress <1.2.0 - SQL Injection
CVSS 9.8
CVE-2022-22280
CRITICAL
SonicWall GMS <9.3.1-SP2-Hotfix1 - SQL Injection
CVSS 9.8
CVE-2022-2577
MEDIUM
SourceCodester Garage Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2022-1277
CRITICAL
Inavitas Solar Log < 1.0 - Unauthenticated SQL Injection
CVSS 9.4
CVE-2022-34557
HIGH
Barangay Management System 1.0 - SQL Injection via Hidden ID Parameter
CVSS 8.8
CVE-2022-27613
HIGH
Synology CardDAV Server < 6.0.10-0153 - Authenticated SQL Injection in WebAPI Component
CVSS 8.3
CVE-2022-36161
CRITICAL
Orange Station 1.0 - SQL Injection
CVSS 9.8
CVE-2022-34989
CRITICAL
Fruits Bazar 1.0 - SQL Injection via Recover Email Parameter
CVSS 9.8
CVE-2022-34067
HIGH
Warehouse Management System v1.0 - SQL Injection
CVSS 7.5
CVE-2022-31879
HIGH
Online Fire Reporting System 1.0 - SQL Injection via Date Parameter
CVSS 8.8
CVE-2022-33965
CRITICAL
Osamaesh WP Visitor Statistics <5.7 - SQL Injection
CVSS 9.3
CVE-2022-29709
HIGH
CLink Office 2.0 - SQL Injection via Username and Password Parameters
CVSS 7.5
CVE-2022-34114
HIGH
Dataease 1.11.1 - SQL Injection via dataSourceId Parameter
CVSS 8.8
CVE-2022-33960
HIGH
Supsystic plugin <= 2.2.3 - SQL Injection
CVSS 8.5
CVE-2022-30998
CRITICAL
WooPlugins.co's Homepage Product Organizer <1.1 - SQL Injection
CVSS 9.1
CVE-2022-2142
HIGH
Advantech iView < 5.7.04.6469 - SQL Injection
CVSS 8.1
CVE-2022-2137
MEDIUM
Advantech iView < 5.7.04.6469 - Authenticated SQL Injection
CVSS 4.9
CVE-2022-2136
HIGH
Advantech iView < 5.7.04.6469 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-2135
HIGH
Advantech iView < 5.7.04.6469 - SQL Injection
CVSS 7.5
CVE-2022-34590
HIGH
Hospital Management System 1.0 - SQL Injection via editid Parameter
CVSS 7.2
CVE-2022-34588
HIGH
Advanced School Management System 1.0 - SQL Injection via Grade Parameter
CVSS 8.8
CVE-2022-34586
HIGH
Advanced School Management System 1.0 - SQL Injection via Grade Parameter
CVSS 8.8
CVE-2022-34042
HIGH
Barangay Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-2492
MEDIUM
SourceCodester Library Management System 1.0 - SQL Injection via RollNo Parameter
CVSS 6.3
Details
Vulnerabilities
19,806
Exploit Likelihood
High