CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,807 vulnerabilities with CWE-89
CVE-2022-1684 LOW
Cube Slider < 1.2 - Authenticated SQL Injection via idslider Parameter
CVSS 2.7
CVE-2022-1683 HIGH
amtyThumb < 4.2.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2022-0788 CRITICAL
WP Fundraising Donation <1.5.0 - SQL Injection
CVSS 9.8
CVE-2022-30927 CRITICAL
Simple Task Scheduling System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-30469 HIGH
Afian Filerun 20220202 - SQL Injection via metadata[] POST Parameter
CVSS 8.8
CVE-2022-31768 CRITICAL
IBM InfoSphere Information Server 11.7 - SQL Injection
CVSS 9.8
CVE-2022-29704 CRITICAL
BrowsBox CMS 4.0 - SQL Injection
CVSS 9.8
CVE-2022-32028 HIGH
Car Rental Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 7.2
CVE-2022-32027 HIGH
Car Rental Management System 1.0 - SQL Injection via manage_car ID Parameter
CVSS 7.2
CVE-2022-32026 HIGH
Car Rental Management System 1.0 - SQL Injection via manage_booking.php id Parameter
CVSS 7.2
CVE-2022-32025 HIGH
Car Rental Management System 1.0 - SQL Injection via view_car.php id Parameter
CVSS 7.2
CVE-2022-32024 HIGH
Car Rental Management System 1.0 - SQL Injection via booking.php car_id Parameter
CVSS 7.2
CVE-2022-32022 HIGH
Car Rental Management System 1.0 - SQL Injection via Admin Login Endpoint
CVSS 7.2
CVE-2022-32021 HIGH
Car Rental Management System 1.0 - SQL Injection via manage_movement.php id Parameter
CVSS 7.2
CVE-2022-32018 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Search Parameter
CVSS 7.2
CVE-2022-32017 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Search Parameter
CVSS 7.2
CVE-2022-32016 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Search Parameter
CVSS 7.2
CVE-2022-32015 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Search Parameter
CVSS 7.2
CVE-2022-32014 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Search Parameter
CVSS 7.2
CVE-2022-32013 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Admin Category Edit ID Parameter
CVSS 7.2
CVE-2022-32012 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Admin Employee Edit ID Parameter
CVSS 7.2
CVE-2022-32011 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Admin Applicants View Parameter
CVSS 7.2
CVE-2022-32010 HIGH
Complete Online Job Search System 1.0 - SQL Injection via User Edit ID Parameter
CVSS 7.2
CVE-2022-32008 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Vacancy Edit ID Parameter
CVSS 7.2
CVE-2022-32007 HIGH
Complete Online Job Search System 1.0 - SQL Injection via Admin Company Edit ID Parameter
CVSS 7.2
Details
Vulnerabilities 19,807
Exploit Likelihood High