CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,807 vulnerabilities with CWE-89
CVE-2022-32354 HIGH
Product Show Room Site v1.0 - SQL Injection via Manage User ID Parameter
CVSS 7.2
CVE-2022-32353 HIGH
Product Show Room Site 1.0 - SQL Injection via manage_field_order.php id Parameter
CVSS 7.2
CVE-2022-32367 HIGH
Product Show Room Site 1.0 - SQL Injection via Inquiry View ID Parameter
CVSS 7.2
CVE-2022-32366 HIGH
Product Show Room Site 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32365 HIGH
Product Show Room Site 1.0 - SQL Injection via manage_field.php id Parameter
CVSS 7.2
CVE-2022-32364 HIGH
Product Show Room Site 1.0 - SQL Injection via Manage Product ID Parameter
CVSS 7.2
CVE-2022-32337 CRITICAL
Hospital's Patient Records Management System 1.0 - SQL Injection via manage_patient.php id Parameter
CVSS 9.8
CVE-2022-32352 CRITICAL
Hospital's Patient Records Management System 1.0 - SQL Injection via delete_patient_admission Parameter
CVSS 9.8
CVE-2022-32351 HIGH
Hospital's Patient Records Management System v1.0 - SQL Injection via Master.php delete_message Parameter
CVSS 7.2
CVE-2022-32350 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via Master.php delete_room_type Parameter
CVSS 7.2
CVE-2022-32349 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via Master.php delete_patient_history Parameter
CVSS 7.2
CVE-2022-32348 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via Master.php delete_doctor Parameter
CVSS 7.2
CVE-2022-32347 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via Master.php delete_room Parameter
CVSS 7.2
CVE-2022-32346 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via view_room.php id Parameter
CVSS 7.2
CVE-2022-32345 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via manage_room.php id Parameter
CVSS 7.2
CVE-2022-32344 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via Master.php delete_patient Parameter
CVSS 7.2
CVE-2022-32343 HIGH
Hospital's Patient Records Management System v1.0 - SQL Injection via manage_room_type.php id Parameter
CVSS 7.2
CVE-2022-32342 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via Room Type ID Parameter
CVSS 7.2
CVE-2022-32341 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via manage_user ID Parameter
CVSS 7.2
CVE-2022-32340 HIGH
Hospital's Patient Records Management System 1.0 - SQL Injection via Patient ID Parameter
CVSS 7.2
CVE-2022-32339 HIGH
Hospital's Patient Records Management System v1.0 - SQL Injection via view_doctor.php id Parameter
CVSS 7.2
CVE-2022-32338 HIGH
Hospital's Patient Records Management System v1.0 - SQL Injection via manage_doctor.php id Parameter
CVSS 7.2
CVE-2022-32335 HIGH
Fast Food Ordering System 1.0 - SQL Injection via manage_menu.php id Parameter
CVSS 7.2
CVE-2022-32334 HIGH
Fast Food Ordering System 1.0 - SQL Injection via manage_category.php id Parameter
CVSS 7.2
CVE-2022-32333 HIGH
Fast Food Ordering System 1.0 - SQL Injection via Receipt ID Parameter
CVSS 7.2
Details
Vulnerabilities 19,807
Exploit Likelihood High