CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,806 vulnerabilities with CWE-89
CVE-2022-32370 HIGH
Advanced School Management System 1.0 - SQL Injection via Classroom ID Parameter
CVSS 7.2
CVE-2022-32374 HIGH
Advanced School Management System 1.0 - SQL Injection via /school/model/get_subject_routing.php id Parameter
CVSS 7.2
CVE-2022-32373 HIGH
Advanced School Management System 1.0 - SQL Injection via get_exam.php id Parameter
CVSS 7.2
CVE-2022-32368 HIGH
Advanced School Management System 1.0 - SQL Injection via Grade ID Parameter
CVSS 7.2
CVE-2022-32381 HIGH
Advanced School Management System 1.0 - SQL Injection via get_admin_profile.php my_index Parameter
CVSS 7.2
CVE-2022-32380 HIGH
Advanced School Management System 1.0 - SQL Injection via get_student_subject.php Index Parameter
CVSS 7.2
CVE-2022-32379 HIGH
Advanced School Management System 1.0 - SQL Injection via get_parents_profile.php my_index Parameter
CVSS 7.2
CVE-2022-32378 HIGH
Advanced School Management System 1.0 - SQL Injection via get_teacher_profile.php my_index Parameter
CVSS 7.2
CVE-2022-32377 HIGH
Advanced School Management System 1.0 - SQL Injection via Exam Timetable ID Parameter
CVSS 7.2
CVE-2022-32376 HIGH
Advanced School Management System 1.0 - SQL Injection via Event ID Parameter
CVSS 7.2
CVE-2022-32375 HIGH
Advanced School Management System 1.0 - SQL Injection via Timetable ID Parameter
CVSS 7.2
CVE-2022-32992 HIGH
Online Tours And Travels Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-32991 HIGH
Web Based Quiz System v1.0 - SQL Injection
CVSS 8.8
CVE-2022-32302 HIGH
Theme Park Ticketing System v1.0 - SQL Injection via id Parameter at edit_ticket.php
CVSS 8.8
CVE-2022-32301 CRITICAL
youdiancms v9.5.0 - SQL Injection via IdList Parameter
CVSS 9.8
CVE-2022-32300 HIGH
youdiancms v9.5.0 - SQL Injection via MailSendID Parameter
CVSS 8.8
CVE-2022-32299 HIGH
youdiancms 9.5.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32101 CRITICAL
kkcms v1.3.7 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2022-2086 MEDIUM
SourceCodester Bank Management System 1.0 - SQL Injection via login.php Password Parameter
CVSS 6.3
CVE-2022-32363 HIGH
Product Show Room Site v1.0 - SQL Injection via view_category.php id Parameter
CVSS 7.2
CVE-2022-32362 HIGH
Product Show Room Site 1.0 - SQL Injection via manage_category.php id Parameter
CVSS 7.2
CVE-2022-32359 HIGH
Product Show Room Site 1.0 - SQL Injection via Master.php delete_category Parameter
CVSS 7.2
CVE-2022-32358 HIGH
Product Show Room Site 1.0 - SQL Injection via Master.php delete_inquiry Parameter
CVSS 7.2
CVE-2022-32355 HIGH
Product Show Room Site 1.0 - SQL Injection via View Product ID Parameter
CVSS 7.2
CVE-2022-32354 HIGH
Product Show Room Site v1.0 - SQL Injection via Manage User ID Parameter
CVSS 7.2
Details
Vulnerabilities 19,806
Exploit Likelihood High