CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,806 vulnerabilities with CWE-89
CVE-2022-31181 CRITICAL
PrestaShop <1.7.8.7 - SQL Injection
CVSS 9.8
CVE-2022-1950 CRITICAL
Youzify WordPress <1.2.0 - SQL Injection
CVSS 9.8
CVE-2022-22280 CRITICAL
SonicWall GMS <9.3.1-SP2-Hotfix1 - SQL Injection
CVSS 9.8
CVE-2022-2577 MEDIUM
SourceCodester Garage Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2022-1277 CRITICAL
Inavitas Solar Log < 1.0 - Unauthenticated SQL Injection
CVSS 9.4
CVE-2022-34557 HIGH
Barangay Management System 1.0 - SQL Injection via Hidden ID Parameter
CVSS 8.8
CVE-2022-27613 HIGH
Synology CardDAV Server < 6.0.10-0153 - Authenticated SQL Injection in WebAPI Component
CVSS 8.3
CVE-2022-36161 CRITICAL
Orange Station 1.0 - SQL Injection
CVSS 9.8
CVE-2022-34989 CRITICAL
Fruits Bazar 1.0 - SQL Injection via Recover Email Parameter
CVSS 9.8
CVE-2022-34067 HIGH
Warehouse Management System v1.0 - SQL Injection
CVSS 7.5
CVE-2022-31879 HIGH
Online Fire Reporting System 1.0 - SQL Injection via Date Parameter
CVSS 8.8
CVE-2022-33965 CRITICAL
Osamaesh WP Visitor Statistics <5.7 - SQL Injection
CVSS 9.3
CVE-2022-29709 HIGH
CLink Office 2.0 - SQL Injection via Username and Password Parameters
CVSS 7.5
CVE-2022-34114 HIGH
Dataease 1.11.1 - SQL Injection via dataSourceId Parameter
CVSS 8.8
CVE-2022-33960 HIGH
Supsystic plugin <= 2.2.3 - SQL Injection
CVSS 8.5
CVE-2022-30998 CRITICAL
WooPlugins.co's Homepage Product Organizer <1.1 - SQL Injection
CVSS 9.1
CVE-2022-2142 HIGH
Advantech iView < 5.7.04.6469 - SQL Injection
CVSS 8.1
CVE-2022-2137 MEDIUM
Advantech iView < 5.7.04.6469 - Authenticated SQL Injection
CVSS 4.9
CVE-2022-2136 HIGH
Advantech iView < 5.7.04.6469 - Authenticated SQL Injection
CVSS 8.8
CVE-2022-2135 HIGH
Advantech iView < 5.7.04.6469 - SQL Injection
CVSS 7.5
CVE-2022-34590 HIGH
Hospital Management System 1.0 - SQL Injection via editid Parameter
CVSS 7.2
CVE-2022-34588 HIGH
Advanced School Management System 1.0 - SQL Injection via Grade Parameter
CVSS 8.8
CVE-2022-34586 HIGH
Advanced School Management System 1.0 - SQL Injection via Grade Parameter
CVSS 8.8
CVE-2022-34042 HIGH
Barangay Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-2492 MEDIUM
SourceCodester Library Management System 1.0 - SQL Injection via RollNo Parameter
CVSS 6.3
Details
Vulnerabilities 19,806
Exploit Likelihood High