CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,806 vulnerabilities with CWE-89
CVE-2022-32370
HIGH
Advanced School Management System 1.0 - SQL Injection via Classroom ID Parameter
CVSS 7.2
CVE-2022-32374
HIGH
Advanced School Management System 1.0 - SQL Injection via /school/model/get_subject_routing.php id Parameter
CVSS 7.2
CVE-2022-32373
HIGH
Advanced School Management System 1.0 - SQL Injection via get_exam.php id Parameter
CVSS 7.2
CVE-2022-32368
HIGH
Advanced School Management System 1.0 - SQL Injection via Grade ID Parameter
CVSS 7.2
CVE-2022-32381
HIGH
Advanced School Management System 1.0 - SQL Injection via get_admin_profile.php my_index Parameter
CVSS 7.2
CVE-2022-32380
HIGH
Advanced School Management System 1.0 - SQL Injection via get_student_subject.php Index Parameter
CVSS 7.2
CVE-2022-32379
HIGH
Advanced School Management System 1.0 - SQL Injection via get_parents_profile.php my_index Parameter
CVSS 7.2
CVE-2022-32378
HIGH
Advanced School Management System 1.0 - SQL Injection via get_teacher_profile.php my_index Parameter
CVSS 7.2
CVE-2022-32377
HIGH
Advanced School Management System 1.0 - SQL Injection via Exam Timetable ID Parameter
CVSS 7.2
CVE-2022-32376
HIGH
Advanced School Management System 1.0 - SQL Injection via Event ID Parameter
CVSS 7.2
CVE-2022-32375
HIGH
Advanced School Management System 1.0 - SQL Injection via Timetable ID Parameter
CVSS 7.2
CVE-2022-32992
HIGH
Online Tours And Travels Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-32991
HIGH
Web Based Quiz System v1.0 - SQL Injection
CVSS 8.8
CVE-2022-32302
HIGH
Theme Park Ticketing System v1.0 - SQL Injection via id Parameter at edit_ticket.php
CVSS 8.8
CVE-2022-32301
CRITICAL
youdiancms v9.5.0 - SQL Injection via IdList Parameter
CVSS 9.8
CVE-2022-32300
HIGH
youdiancms v9.5.0 - SQL Injection via MailSendID Parameter
CVSS 8.8
CVE-2022-32299
HIGH
youdiancms 9.5.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-32101
CRITICAL
kkcms v1.3.7 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2022-2086
MEDIUM
SourceCodester Bank Management System 1.0 - SQL Injection via login.php Password Parameter
CVSS 6.3
CVE-2022-32363
HIGH
Product Show Room Site v1.0 - SQL Injection via view_category.php id Parameter
CVSS 7.2
CVE-2022-32362
HIGH
Product Show Room Site 1.0 - SQL Injection via manage_category.php id Parameter
CVSS 7.2
CVE-2022-32359
HIGH
Product Show Room Site 1.0 - SQL Injection via Master.php delete_category Parameter
CVSS 7.2
CVE-2022-32358
HIGH
Product Show Room Site 1.0 - SQL Injection via Master.php delete_inquiry Parameter
CVSS 7.2
CVE-2022-32355
HIGH
Product Show Room Site 1.0 - SQL Injection via View Product ID Parameter
CVSS 7.2
CVE-2022-32354
HIGH
Product Show Room Site v1.0 - SQL Injection via Manage User ID Parameter
CVSS 7.2
Details
Vulnerabilities
19,806
Exploit Likelihood
High