CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,806 vulnerabilities with CWE-89
CVE-2022-31101 HIGH
PrestaShop blockwishlist < 2.1.1 - Authenticated SQL Injection
CVSS 8.1
CVE-2022-31092 HIGH
pimcore < 10.4.4 - SQL Injection via Listing Class Order/Group Methods
CVSS 7.5
CVE-2022-31082 MEDIUM
glpi-inventory-plugin < 1.0.2 - SQL Injection via Package Deployment Tasks
CVSS 5.8
CVE-2022-2214 MEDIUM
SourceCodester Library Management System 1.0 - SQL Injection via id Parameter in bookdetails.php
CVSS 6.3
CVE-2022-33128 CRITICAL
RG-EG series gateway EG350 EG_RGOS 11.1(6) - SQL Injection
CVSS 9.1
CVE-2022-22389 MEDIUM
IBM Db2 9.7, 10.1, 10.5, 11.1, 11.5 - Authenticated Denial of Service via Crafted SQL Statements
CVSS 6.5
CVE-2022-32405 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32404 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32403 HIGH
Prison Management System 1.0 - SQL Injection via 'id' Parameter
CVSS 8.8
CVE-2022-32402 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32401 HIGH
Prison Management System v1.0 - SQL Injection via 'id' Parameter
CVSS 8.8
CVE-2022-32400 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32399 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32398 HIGH
Prison Management System v1.0 - SQL Injection via 'id' Parameter
CVSS 8.8
CVE-2022-32397 HIGH
Prison Management System 1.0 - SQL Injection via 'id' Parameter
CVSS 8.8
CVE-2022-32396 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32395 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32394 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32393 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32392 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32391 HIGH
Prison Management System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-33114 HIGH
jfinal_cms 5.1.0 - SQL Injection via attrVal Parameter
CVSS 7.2
CVE-2022-33097 HIGH
74cmsse 3.5.1 - SQL Injection via Keyword Parameter
CVSS 7.5
CVE-2022-33096 HIGH
74cmsse 3.5.1 - SQL Injection via Keyword Parameter
CVSS 7.5
CVE-2022-33095 HIGH
74cmsSE 3.5.1 - SQL Injection via Resume List Keyword Parameter
CVSS 7.5
Details
Vulnerabilities 19,806
Exploit Likelihood High