CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,806 vulnerabilities with CWE-89
CVE-2022-32056
CRITICAL
Online Accreditation Management System v1.0 - SQL Injection via USERNAME Parameter
CVSS 9.8
CVE-2022-32055
HIGH
Inout Homestay 2.2 - SQL Injection via Guests Parameter
CVSS 7.5
CVE-2022-26348
HIGH
Gallagher Command Centre <8.60.1652-8.50.2245-8.40 - SQL Injection
CVSS 8.2
CVE-2022-30619
MEDIUM
AgilePoint NX < 8.0 - Authenticated SQL Injection via EncodedData Parameter
CVSS 5.9
CVE-2022-34972
CRITICAL
So Filter Shop v3.x - SQL Injection via att_value_id manu_value_id opt_value_id subcate_value_id Parameters
CVSS 9.8
CVE-2022-32311
CRITICAL
Ingredient Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-31856
CRITICAL
Newsletter Module v3.x - SQL Injection via zemez_newsletter_email Parameter
CVSS 9.8
CVE-2022-34878
MEDIUM
VICIdial - SQL Injection via User Stats file_download Parameter
CVSS 5.5
CVE-2022-34877
MEDIUM
VICIdial < 2.14b0.5-3555 - SQL Injection via AST Agent Time Sheet Agent Parameter
CVSS 6.4
CVE-2022-34876
MEDIUM
VICIdial < 2.14b0.5-3555 - SQL Injection via admin.php Parameters
CVSS 5.5
CVE-2022-34265
CRITICAL
Django 3.2-3.2.14 - SQL Injection via Trunc() and Extract() Database Functions
CVSS 9.8
CVE-2022-33171
CRITICAL
TypeORM < 0.3.0 - SQL Injection via FindOneOptions Parameter
CVSS 9.8
CVE-2022-32095
CRITICAL
Hospital Management System v1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2022-32094
CRITICAL
Hospital Management System 1.0 - SQL Injection via LoginID Parameter
CVSS 9.8
CVE-2022-32093
CRITICAL
Hospital Management System v1.0 - SQL Injection via LoginID Parameter
CVSS 9.8
CVE-2022-33061
HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33060
HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33059
HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33058
HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33057
HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-31058
HIGH
Tuleap < 13.9.99.111 and 13.8.0-13.8.6 - Authenticated SQL Injection via Tracker Report Query
CVSS 7.2
CVE-2022-33042
HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-31061
CRITICAL
GLPI 9.3.0-9.5.7 - Unauthenticated SQL Injection via Login Page
CVSS 9.8
CVE-2022-31056
CRITICAL
GLPI 10.0.0-10.0.2 - SQL Injection via Actor Fields
CVSS 9.8
CVE-2022-34132
CRITICAL
Benjamin BALET Jorani v1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,806
Exploit Likelihood
High