CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,807 vulnerabilities with CWE-89
CVE-2022-31994
HIGH
Badminton Center Management System 1.0 - SQL Injection via Sales View Details ID Parameter
CVSS 7.2
CVE-2022-31993
CRITICAL
Badminton Center Management System 1.0 - SQL Injection via Master.php delete_service Parameter
CVSS 9.8
CVE-2022-31992
HIGH
Badminton Center Management System 1.0 - SQL Injection via Court Rentals View ID Parameter
CVSS 7.2
CVE-2022-31991
CRITICAL
Badminton Center Management System 1.0 - SQL Injection via delete_court Parameter
CVSS 9.8
CVE-2022-31990
CRITICAL
Badminton Center Management System 1.0 - SQL Injection via Master.php delete_product Parameter
CVSS 9.8
CVE-2022-31989
CRITICAL
Badminton Center Management System 1.0 - SQL Injection via User Management ID Parameter
CVSS 9.8
CVE-2022-31988
HIGH
Badminton Center Management System 1.0 - SQL Injection via Daily Services Report Date Parameter
CVSS 7.2
CVE-2022-31986
HIGH
Badminton Center Management System 1.0 - SQL Injection via Daily Court Rental Report Date Parameter
CVSS 7.2
CVE-2022-31985
HIGH
Badminton Center Management System 1.0 - SQL Injection via Daily Sales Report Date Parameter
CVSS 7.2
CVE-2022-32006
HIGH
Badminton Center Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32005
HIGH
Badminton Center Management System 1.0 - SQL Injection via manage_service.php id Parameter
CVSS 7.2
CVE-2022-32004
HIGH
Badminton Center Management System 1.0 - SQL Injection via manage_product.php id Parameter
CVSS 7.2
CVE-2022-32003
HIGH
Badminton Center Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32002
CRITICAL
Badminton Center Management System 1.0 - SQL Injection via manage_court.php id Parameter
CVSS 9.8
CVE-2022-32001
HIGH
Badminton Center Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32000
HIGH
Badminton Center Management System 1.0 - SQL Injection via Service Transaction ID Parameter
CVSS 7.2
CVE-2022-31998
HIGH
Badminton Center Management System 1.0 - SQL Injection via Service Transactions ID Parameter
CVSS 7.2
CVE-2022-31996
HIGH
Badminton Center Management System 1.0 - SQL Injection via Sales Management ID Parameter
CVSS 7.2
CVE-2022-31984
HIGH
Online Fire Reporting System 1.0 - SQL Injection via Take Action ID Parameter
CVSS 7.2
CVE-2022-31983
HIGH
Online Fire Reporting System 1.0 - SQL Injection via Request ID Parameter
CVSS 7.2
CVE-2022-31982
HIGH
Online Fire Reporting System 1.0 - SQL Injection via Request ID Parameter
CVSS 7.2
CVE-2022-31981
HIGH
Online Fire Reporting System 1.0 - SQL Injection via Teams View Endpoint
CVSS 7.2
CVE-2022-31980
HIGH
Online Fire Reporting System 1.0 - SQL Injection via Team Management ID Parameter
CVSS 7.2
CVE-2022-31978
CRITICAL
Online Fire Reporting System 1.0 - SQL Injection via Master.php delete_inquiry Parameter
CVSS 9.8
CVE-2022-31977
CRITICAL
Online Fire Reporting System 1.0 - SQL Injection via Master.php delete_team Parameter
CVSS 9.8
Details
Vulnerabilities
19,807
Exploit Likelihood
High