CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,806 vulnerabilities with CWE-89
CVE-2022-2491 MEDIUM
SourceCodester Library Management System 1.0 - SQL Injection via lab.php Section Parameter
CVSS 6.3
CVE-2022-2490 MEDIUM
Simple E-Learning System 1.0 - SQL Injection via search.php classCode Parameter
CVSS 6.3
CVE-2022-2489 MEDIUM
Simple E-Learning System 1.0 - SQL Injection via classRoom.php classCode Parameter
CVSS 6.3
CVE-2022-32456 CRITICAL
Digiwin Business Process Management < 5.8.8.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-34023 CRITICAL
Barangay Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-2468 MEDIUM
Garage Management System 1.0 - SQL Injection via editbrand.php id Parameter
CVSS 6.3
CVE-2022-2467 HIGH
Garage Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2022-26120 MEDIUM
FortiADC 5.0.0-6.2.2 and 7.0.0-7.0.1 - Authenticated SQL Injection via HTTP Requests
CVSS 5.4
CVE-2022-24691 HIGH
DSK DSKNet <2.17.136.5 - Blind Boolean SQL Injection
CVSS 7.1
CVE-2022-24690 HIGH
DSK DSKNet <2.17.136.5 - Blind SQL Injection
CVSS 8.2
CVE-2022-27434 CRITICAL
UNIT4 TETA Mobile Edition < 29.5 - SQL Injection via ProfileName Parameter
CVSS 9.8
CVE-2022-32416 HIGH
Product Show Room Site 1.0 - SQL Injection via Master.php delete_product Parameter
CVSS 7.2
CVE-2022-32415 HIGH
Product Show Room Site 1.0 - SQL Injection via View Product ID Parameter
CVSS 8.8
CVE-2022-32297 HIGH
Piwigo < 12.2.0 - SQL Injection via Search Function
CVSS 7.5
CVE-2022-30113 CRITICAL
electronic_mall_system 1.0_build20200203 - SQL Injection
CVSS 9.8
CVE-2022-35628 CRITICAL
in2code/living_user_experience <17.6.1 and 18.0.0-24.0.1 - SQL Injection
CVSS 9.8
CVE-2022-29601 CRITICAL
seminars < 4.1.3 - SQL Injection
CVSS 9.8
CVE-2022-29600 CRITICAL
oelib < 4.1.5 - SQL Injection
CVSS 9.8
CVE-2022-32246 MEDIUM
SAP Business Objects BI Platform 4.2/4.3 - Authenticated SQL Injection
CVSS 4.6
CVE-2022-2298 HIGH
Clinic's Patient Management System 2.0 - SQL Injection via Login Page user_name Parameter
CVSS 7.3
CVE-2022-2263 MEDIUM
Online Hotel Booking System 1.0 - SQL Injection via edit_room_cat.php Room Handler
CVSS 4.7
CVE-2022-2262 MEDIUM
Online Hotel Booking System 1.0 - SQL Injection via edit_all_room.php id Parameter
CVSS 4.7
CVE-2022-1057 CRITICAL
Pricing Deals for WooCommerce < 2.0.2.02 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-22463 MEDIUM
IBM Security Access Manager Appliance <10.0.3.0 - SQL Injection
CVSS 6.5
CVE-2022-28623 CRITICAL
HPE IceWall SSO 10.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,806
Exploit Likelihood High