CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,807 vulnerabilities with CWE-89
CVE-2022-32332 HIGH
Fast Food Ordering System 1.0 - SQL Injection via Master.php delete_category Parameter
CVSS 7.2
CVE-2022-32331 HIGH
Fast Food Ordering System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32330 HIGH
Fast Food Ordering System 1.0 - SQL Injection via Master.php delete_menu Parameter
CVSS 7.2
CVE-2022-32336 CRITICAL
Fast Food Ordering System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-31415 MEDIUM
Online Fire Reporting System v1.0 - SQL Injection
CVSS 6.5
CVE-2022-23169 MEDIUM
amodat mobile_application_gateway < 7.12.00.09 - Authenticated SQL Injection via agentid Parameter
CVSS 5.9
CVE-2022-23168 MEDIUM
amodat mobile_application_gateway < 7.12.00.09 - SQL Injection via Login Username Parameter
CVSS 5.9
CVE-2022-1768 CRITICAL
RSVPMaker < 9.3.2 - Unauthenticated SQL Injection via rsvpmaker-email.php
CVSS 9.8
CVE-2022-2067 CRITICAL
rosariosis < 9.0 - SQL Injection
CVSS 9.1
CVE-2022-1800 HIGH
Export any WordPress data to XML/CSV < 1.3.5 - SQL Injection via cpt POST Parameter
CVSS 7.2
CVE-2022-0827 CRITICAL
Bestbooks < 2.6.3 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-0786 CRITICAL
KiviCare < 2.3.9 - Unauthenticated SQL Injection via get_doctor_details AJAX Action
CVSS 9.8
CVE-2022-31788 CRITICAL
IdeaLMS 2022 - SQL Injection via ClassAccessControl Pathname
CVSS 9.8
CVE-2022-29250 HIGH
GLPI < 10.0.1 - Authenticated SQL Injection on Search Pages
CVSS 8.1
CVE-2022-2018 MEDIUM
SourceCodester Prison Management System 1.0 - SQL Injection via Inmate Handler id Parameter
CVSS 4.7
CVE-2022-2017 MEDIUM
SourceCodester Prison Management System 1.0 - SQL Injection via Visit Handler id Parameter
CVSS 4.7
CVE-2022-31325 HIGH
ChurchCRM 4.4.5 - SQL Injection via PersonID Parameter
CVSS 7.2
CVE-2022-1692 CRITICAL
CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQL Injection via ordering_by Query Parameter
CVSS 9.8
CVE-2022-1691 MEDIUM
Realty Workstation < 1.0.15 - SQL Injection via trans_edit Parameter
CVSS 4.9
CVE-2022-1690 LOW
Note Press < 0.1.10 - Authenticated SQL Injection via Bulk Action IDs
CVSS 2.7
CVE-2022-1689 LOW
Note Press < 0.1.10 - Authenticated SQL Injection via Update Parameter
CVSS 2.7
CVE-2022-1688 LOW
Note Press WordPress Plugin <= 0.1.10 - Authenticated SQL Injection via ID Parameter
CVSS 2.7
CVE-2022-1687 LOW
Logo Slider WordPress Plugin < 1.4.8 - Authenticated SQL Injection via lsp_slider_id Parameter
CVSS 2.7
CVE-2022-1686 LOW
Five Minute Webshop < 1.3.2 - Authenticated SQL Injection via Product ID Parameter
CVSS 2.7
CVE-2022-1685 MEDIUM
Five Minute Webshop < 1.3.2 - SQL Injection via Manage Products Orderby Parameter
CVSS 4.9
Details
Vulnerabilities 19,807
Exploit Likelihood High