CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,807 vulnerabilities with CWE-89
CVE-2022-32332
HIGH
Fast Food Ordering System 1.0 - SQL Injection via Master.php delete_category Parameter
CVSS 7.2
CVE-2022-32331
HIGH
Fast Food Ordering System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32330
HIGH
Fast Food Ordering System 1.0 - SQL Injection via Master.php delete_menu Parameter
CVSS 7.2
CVE-2022-32336
CRITICAL
Fast Food Ordering System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-31415
MEDIUM
Online Fire Reporting System v1.0 - SQL Injection
CVSS 6.5
CVE-2022-23169
MEDIUM
amodat mobile_application_gateway < 7.12.00.09 - Authenticated SQL Injection via agentid Parameter
CVSS 5.9
CVE-2022-23168
MEDIUM
amodat mobile_application_gateway < 7.12.00.09 - SQL Injection via Login Username Parameter
CVSS 5.9
CVE-2022-1768
CRITICAL
RSVPMaker < 9.3.2 - Unauthenticated SQL Injection via rsvpmaker-email.php
CVSS 9.8
CVE-2022-2067
CRITICAL
rosariosis < 9.0 - SQL Injection
CVSS 9.1
CVE-2022-1800
HIGH
Export any WordPress data to XML/CSV < 1.3.5 - SQL Injection via cpt POST Parameter
CVSS 7.2
CVE-2022-0827
CRITICAL
Bestbooks < 2.6.3 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-0786
CRITICAL
KiviCare < 2.3.9 - Unauthenticated SQL Injection via get_doctor_details AJAX Action
CVSS 9.8
CVE-2022-31788
CRITICAL
IdeaLMS 2022 - SQL Injection via ClassAccessControl Pathname
CVSS 9.8
CVE-2022-29250
HIGH
GLPI < 10.0.1 - Authenticated SQL Injection on Search Pages
CVSS 8.1
CVE-2022-2018
MEDIUM
SourceCodester Prison Management System 1.0 - SQL Injection via Inmate Handler id Parameter
CVSS 4.7
CVE-2022-2017
MEDIUM
SourceCodester Prison Management System 1.0 - SQL Injection via Visit Handler id Parameter
CVSS 4.7
CVE-2022-31325
HIGH
ChurchCRM 4.4.5 - SQL Injection via PersonID Parameter
CVSS 7.2
CVE-2022-1692
CRITICAL
CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQL Injection via ordering_by Query Parameter
CVSS 9.8
CVE-2022-1691
MEDIUM
Realty Workstation < 1.0.15 - SQL Injection via trans_edit Parameter
CVSS 4.9
CVE-2022-1690
LOW
Note Press < 0.1.10 - Authenticated SQL Injection via Bulk Action IDs
CVSS 2.7
CVE-2022-1689
LOW
Note Press < 0.1.10 - Authenticated SQL Injection via Update Parameter
CVSS 2.7
CVE-2022-1688
LOW
Note Press WordPress Plugin <= 0.1.10 - Authenticated SQL Injection via ID Parameter
CVSS 2.7
CVE-2022-1687
LOW
Logo Slider WordPress Plugin < 1.4.8 - Authenticated SQL Injection via lsp_slider_id Parameter
CVSS 2.7
CVE-2022-1686
LOW
Five Minute Webshop < 1.3.2 - Authenticated SQL Injection via Product ID Parameter
CVSS 2.7
CVE-2022-1685
MEDIUM
Five Minute Webshop < 1.3.2 - SQL Injection via Manage Products Orderby Parameter
CVSS 4.9
Details
Vulnerabilities
19,807
Exploit Likelihood
High