CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,807 vulnerabilities with CWE-89
CVE-2022-31994 HIGH
Badminton Center Management System 1.0 - SQL Injection via Sales View Details ID Parameter
CVSS 7.2
CVE-2022-31993 CRITICAL
Badminton Center Management System 1.0 - SQL Injection via Master.php delete_service Parameter
CVSS 9.8
CVE-2022-31992 HIGH
Badminton Center Management System 1.0 - SQL Injection via Court Rentals View ID Parameter
CVSS 7.2
CVE-2022-31991 CRITICAL
Badminton Center Management System 1.0 - SQL Injection via delete_court Parameter
CVSS 9.8
CVE-2022-31990 CRITICAL
Badminton Center Management System 1.0 - SQL Injection via Master.php delete_product Parameter
CVSS 9.8
CVE-2022-31989 CRITICAL
Badminton Center Management System 1.0 - SQL Injection via User Management ID Parameter
CVSS 9.8
CVE-2022-31988 HIGH
Badminton Center Management System 1.0 - SQL Injection via Daily Services Report Date Parameter
CVSS 7.2
CVE-2022-31986 HIGH
Badminton Center Management System 1.0 - SQL Injection via Daily Court Rental Report Date Parameter
CVSS 7.2
CVE-2022-31985 HIGH
Badminton Center Management System 1.0 - SQL Injection via Daily Sales Report Date Parameter
CVSS 7.2
CVE-2022-32006 HIGH
Badminton Center Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32005 HIGH
Badminton Center Management System 1.0 - SQL Injection via manage_service.php id Parameter
CVSS 7.2
CVE-2022-32004 HIGH
Badminton Center Management System 1.0 - SQL Injection via manage_product.php id Parameter
CVSS 7.2
CVE-2022-32003 HIGH
Badminton Center Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32002 CRITICAL
Badminton Center Management System 1.0 - SQL Injection via manage_court.php id Parameter
CVSS 9.8
CVE-2022-32001 HIGH
Badminton Center Management System 1.0 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-32000 HIGH
Badminton Center Management System 1.0 - SQL Injection via Service Transaction ID Parameter
CVSS 7.2
CVE-2022-31998 HIGH
Badminton Center Management System 1.0 - SQL Injection via Service Transactions ID Parameter
CVSS 7.2
CVE-2022-31996 HIGH
Badminton Center Management System 1.0 - SQL Injection via Sales Management ID Parameter
CVSS 7.2
CVE-2022-31984 HIGH
Online Fire Reporting System 1.0 - SQL Injection via Take Action ID Parameter
CVSS 7.2
CVE-2022-31983 HIGH
Online Fire Reporting System 1.0 - SQL Injection via Request ID Parameter
CVSS 7.2
CVE-2022-31982 HIGH
Online Fire Reporting System 1.0 - SQL Injection via Request ID Parameter
CVSS 7.2
CVE-2022-31981 HIGH
Online Fire Reporting System 1.0 - SQL Injection via Teams View Endpoint
CVSS 7.2
CVE-2022-31980 HIGH
Online Fire Reporting System 1.0 - SQL Injection via Team Management ID Parameter
CVSS 7.2
CVE-2022-31978 CRITICAL
Online Fire Reporting System 1.0 - SQL Injection via Master.php delete_inquiry Parameter
CVSS 9.8
CVE-2022-31977 CRITICAL
Online Fire Reporting System 1.0 - SQL Injection via Master.php delete_team Parameter
CVSS 9.8
Details
Vulnerabilities 19,807
Exploit Likelihood High