CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,806 vulnerabilities with CWE-89
CVE-2022-33094 HIGH
74cmsse 3.5.1 - SQL Injection via Keyword Parameter
CVSS 7.5
CVE-2022-33093 HIGH
74cmsse 3.5.1 - SQL Injection via Freelance Resume List Key Parameter
CVSS 7.5
CVE-2022-33092 HIGH
74cmsse 3.5.1 - SQL Injection via Keyword Parameter
CVSS 7.5
CVE-2022-31787 CRITICAL
ideaco IdeaTMS 2022 - SQL Injection via PATH_INFO
CVSS 9.8
CVE-2022-31361 CRITICAL
Docebo Community Edition <4.0.5 - SQL Injection
CVSS 9.8
CVE-2022-33056 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33055 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33049 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-33048 HIGH
Online Railway Reservation System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-1905 CRITICAL
Events Made Easy WordPress Plugin < 2.2.81 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-1472 HIGH
Better Find and Replace WordPress Plugin < 1.3.6 - SQL Injection
CVSS 7.2
CVE-2022-26669 HIGH
ASUS Control Center - SQL Injection
CVSS 8.8
CVE-2022-31941 CRITICAL
Rescue Dispatch Management System 1.0 - SQL Injection via User Management ID Parameter
CVSS 9.8
CVE-2022-31357 CRITICAL
Online Ordering System v2.3.2 - SQL Injection
CVSS 9.8
CVE-2022-31356 CRITICAL
Online Ordering System v2.3.2 - SQL Injection
CVSS 9.8
CVE-2022-31355 CRITICAL
Online Ordering System v2.3.2 - SQL Injection
CVSS 9.8
CVE-2022-31296 CRITICAL
Online Discussion Forum Site 1 - SQL Injection
CVSS 9.8
CVE-2022-31384 CRITICAL
Directory Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-31383 CRITICAL
Directory Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-31382 CRITICAL
Directory Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-31912 HIGH
Online Tutor Portal Site 1.0 - SQL Injection via Master.php delete_team Parameter
CVSS 7.2
CVE-2022-31911 HIGH
Online Discussion Forum Site 1.0 - SQL Injection via Master.php delete_team Parameter
CVSS 7.2
CVE-2022-31908 HIGH
Student Registration and Fee Payment System 1.0 - SQL Injection via student.php
CVSS 7.2
CVE-2022-32372 HIGH
Advanced School Management System 1.0 - SQL Injection via /school/model/get_subject.php id Parameter
CVSS 7.2
CVE-2022-32371 HIGH
Advanced School Management System 1.0 - SQL Injection via /school/model/get_teacher.php id Parameter
CVSS 7.2
Details
Vulnerabilities 19,806
Exploit Likelihood High