CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,806 vulnerabilities with CWE-89
CVE-2022-2491
MEDIUM
SourceCodester Library Management System 1.0 - SQL Injection via lab.php Section Parameter
CVSS 6.3
CVE-2022-2490
MEDIUM
Simple E-Learning System 1.0 - SQL Injection via search.php classCode Parameter
CVSS 6.3
CVE-2022-2489
MEDIUM
Simple E-Learning System 1.0 - SQL Injection via classRoom.php classCode Parameter
CVSS 6.3
CVE-2022-32456
CRITICAL
Digiwin Business Process Management < 5.8.8.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-34023
CRITICAL
Barangay Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-2468
MEDIUM
Garage Management System 1.0 - SQL Injection via editbrand.php id Parameter
CVSS 6.3
CVE-2022-2467
HIGH
Garage Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2022-26120
MEDIUM
FortiADC 5.0.0-6.2.2 and 7.0.0-7.0.1 - Authenticated SQL Injection via HTTP Requests
CVSS 5.4
CVE-2022-24691
HIGH
DSK DSKNet <2.17.136.5 - Blind Boolean SQL Injection
CVSS 7.1
CVE-2022-24690
HIGH
DSK DSKNet <2.17.136.5 - Blind SQL Injection
CVSS 8.2
CVE-2022-27434
CRITICAL
UNIT4 TETA Mobile Edition < 29.5 - SQL Injection via ProfileName Parameter
CVSS 9.8
CVE-2022-32416
HIGH
Product Show Room Site 1.0 - SQL Injection via Master.php delete_product Parameter
CVSS 7.2
CVE-2022-32415
HIGH
Product Show Room Site 1.0 - SQL Injection via View Product ID Parameter
CVSS 8.8
CVE-2022-32297
HIGH
Piwigo < 12.2.0 - SQL Injection via Search Function
CVSS 7.5
CVE-2022-30113
CRITICAL
electronic_mall_system 1.0_build20200203 - SQL Injection
CVSS 9.8
CVE-2022-35628
CRITICAL
in2code/living_user_experience <17.6.1 and 18.0.0-24.0.1 - SQL Injection
CVSS 9.8
CVE-2022-29601
CRITICAL
seminars < 4.1.3 - SQL Injection
CVSS 9.8
CVE-2022-29600
CRITICAL
oelib < 4.1.5 - SQL Injection
CVSS 9.8
CVE-2022-32246
MEDIUM
SAP Business Objects BI Platform 4.2/4.3 - Authenticated SQL Injection
CVSS 4.6
CVE-2022-2298
HIGH
Clinic's Patient Management System 2.0 - SQL Injection via Login Page user_name Parameter
CVSS 7.3
CVE-2022-2263
MEDIUM
Online Hotel Booking System 1.0 - SQL Injection via edit_room_cat.php Room Handler
CVSS 4.7
CVE-2022-2262
MEDIUM
Online Hotel Booking System 1.0 - SQL Injection via edit_all_room.php id Parameter
CVSS 4.7
CVE-2022-1057
CRITICAL
Pricing Deals for WooCommerce < 2.0.2.02 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-22463
MEDIUM
IBM Security Access Manager Appliance <10.0.3.0 - SQL Injection
CVSS 6.5
CVE-2022-28623
CRITICAL
HPE IceWall SSO 10.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,806
Exploit Likelihood
High