CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,806 vulnerabilities with CWE-89
CVE-2022-32056 CRITICAL
Online Accreditation Management System v1.0 - SQL Injection via USERNAME Parameter
CVSS 9.8
CVE-2022-32055 HIGH
Inout Homestay 2.2 - SQL Injection via Guests Parameter
CVSS 7.5
CVE-2022-26348 HIGH
Gallagher Command Centre <8.60.1652-8.50.2245-8.40 - SQL Injection
CVSS 8.2
CVE-2022-30619 MEDIUM
AgilePoint NX < 8.0 - Authenticated SQL Injection via EncodedData Parameter
CVSS 5.9
CVE-2022-34972 CRITICAL
So Filter Shop v3.x - SQL Injection via att_value_id manu_value_id opt_value_id subcate_value_id Parameters
CVSS 9.8
CVE-2022-32311 CRITICAL
Ingredient Stock Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-31856 CRITICAL
Newsletter Module v3.x - SQL Injection via zemez_newsletter_email Parameter
CVSS 9.8
CVE-2022-34878 MEDIUM
VICIdial - SQL Injection via User Stats file_download Parameter
CVSS 5.5
CVE-2022-34877 MEDIUM
VICIdial < 2.14b0.5-3555 - SQL Injection via AST Agent Time Sheet Agent Parameter
CVSS 6.4
CVE-2022-34876 MEDIUM
VICIdial < 2.14b0.5-3555 - SQL Injection via admin.php Parameters
CVSS 5.5
CVE-2022-34265 CRITICAL
Django 3.2-3.2.14 - SQL Injection via Trunc() and Extract() Database Functions
CVSS 9.8
CVE-2022-33171 CRITICAL
TypeORM < 0.3.0 - SQL Injection via FindOneOptions Parameter
CVSS 9.8
CVE-2022-32095 CRITICAL
Hospital Management System v1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2022-32094 CRITICAL
Hospital Management System 1.0 - SQL Injection via LoginID Parameter
CVSS 9.8
CVE-2022-32093 CRITICAL
Hospital Management System v1.0 - SQL Injection via LoginID Parameter
CVSS 9.8
CVE-2022-33061 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33060 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33059 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33058 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33057 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-31058 HIGH
Tuleap < 13.9.99.111 and 13.8.0-13.8.6 - Authenticated SQL Injection via Tracker Report Query
CVSS 7.2
CVE-2022-33042 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-31061 CRITICAL
GLPI 9.3.0-9.5.7 - Unauthenticated SQL Injection via Login Page
CVSS 9.8
CVE-2022-31056 CRITICAL
GLPI 10.0.0-10.0.2 - SQL Injection via Actor Fields
CVSS 9.8
CVE-2022-34132 CRITICAL
Benjamin BALET Jorani v1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,806
Exploit Likelihood High