CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,807 vulnerabilities with CWE-89
CVE-2022-30823 HIGH
Wedding Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-30818 HIGH
Wedding Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-30817 CRITICAL
Simple Bus Ticket Booking System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-30816 CRITICAL
elitecms 1.01 - SQL Injection via /admin/edit_sidebar.php
CVSS 9.8
CVE-2022-30815 CRITICAL
elitecms 1.01 - SQL Injection via admin/edit_sidebar.php
CVSS 9.8
CVE-2022-30814 CRITICAL
elitecms 1.01 - SQL Injection via /admin/add_sidebar.php
CVSS 9.8
CVE-2022-30813 CRITICAL
elitecms 1.01 - SQL Injection via /admin/add_post.php
CVSS 9.8
CVE-2022-30810 CRITICAL
elitecms 1.01 - SQL Injection via admin/edit_post.php
CVSS 9.8
CVE-2022-30809 CRITICAL
elitecms 1.01 - SQL Injection via /admin/edit_page.php
CVSS 9.8
CVE-2022-30799 HIGH
Online Ordering System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-30798 HIGH
Online Ordering System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-30797 CRITICAL
Online Ordering System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-30795 HIGH
Online Ordering System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-30794 HIGH
Online Ordering System v1.0 - SQL Injection
CVSS 7.2
CVE-2022-30512 CRITICAL
School Dormitory Management System 1.0 - SQL Injection via Payment History Page
CVSS 9.8
CVE-2022-30511 CRITICAL
School Dormitory Management System 1.0 - SQL Injection via accounts/view_details.php
CVSS 9.8
CVE-2022-30510 CRITICAL
School Dormitory Management System 1.0 - SQL Injection via Daily Collection Report
CVSS 9.8
CVE-2022-30496 HIGH
IDCE MV 1.0 - SQL Injection via Logon Page User Field
CVSS 7.5
CVE-2022-30490 CRITICAL
Badminton Center Management System V1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-30481 CRITICAL
food-order-and-table-reservation-system 1.0 - SQL Injection via catid Parameter
CVSS 9.8
CVE-2022-30478 CRITICAL
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 - SQL Injection via search_product.php Keyword Parameter
CVSS 9.8
CVE-2022-30352 CRITICAL
phpABook 0.9i - SQL Injection via auth_user Parameter
CVSS 9.8
CVE-2022-29659 CRITICAL
Responsive Online Blog v1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-24240 CRITICAL
ACEweb Online Portal 3.5.065 - SQL Injection
CVSS 9.8
CVE-2022-24848 HIGH
DHIS2 < 2.36.10.1 - Authenticated SQL Injection via Programs API Endpoint
CVSS 8.8
Details
Vulnerabilities 19,807
Exploit Likelihood High