CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,812 vulnerabilities with CWE-89
CVE-2022-29664 HIGH
CSCMS Music Portal System v4.2 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-29663 HIGH
CSCMS Music Portal System v4.2 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-29662 HIGH
CSCMS Music Portal System v4.2 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-29661 HIGH
CSCMS Music Portal System v4.2 - Blind SQL Injection via id Parameter
CVSS 7.2
CVE-2022-29660 CRITICAL
CSCMS Music Portal System v4.2 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-29721 HIGH
74cmsse 3.5.1 - SQL Injection via Resume List Keyword Parameter
CVSS 7.5
CVE-2022-29650 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Search Parameter
CVSS 9.8
CVE-2022-28862 CRITICAL
Archibus Web Central <26.2 - SQL Injection
CVSS 9.8
CVE-2022-1883 HIGH
camptocamp/terraboard <2.2.0 - SQL Injection
CVSS 8.8
CVE-2022-22495 HIGH
IBM i 7.3-7.5 - SQL Injection
CVSS 8.8
CVE-2022-30843 HIGH
Room-rent-portal-site v1.0 - SQL Injection
CVSS 8.8
CVE-2022-30838 CRITICAL
Covid-19 Travel Pass Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-30463 HIGH
Automotive Shop Management System 1.0 - SQL Injection via delete_product Parameter
CVSS 8.8
CVE-2022-30461 CRITICAL
water_billing_system v1.0 - SQL Injection via Master.php delete_client Parameter
CVSS 9.8
CVE-2022-30459 HIGH
ChatBot App with Suggestion 1.0 - SQL Injection via Master.php id Parameter
CVSS 8.8
CVE-2022-30455 CRITICAL
Badminton Center Management System 1.0 - SQL Injection via Court Rental Deletion Parameter
CVSS 9.8
CVE-2022-30454 CRITICAL
Merchandise Online Store 1.0 - SQL Injection via Master.php delete_product Parameter
CVSS 9.8
CVE-2022-1839 MEDIUM
Home Clean Services Management System 1.0 - Authenticated SQL Injection via Login Email Parameter
CVSS 6.3
CVE-2022-1838 MEDIUM
Home Clean Services Management System 1.0 - Authenticated SQL Injection via admin/login.php Username Parameter
CVSS 4.7
CVE-2022-29305 HIGH
imgurl 2.31 - Blind SQL Injection via /upload/localhost
CVSS 8.1
CVE-2022-31489 HIGH
Inout Blockchain AltExchanger 1.2.1 - SQL Injection
CVSS 7.5
CVE-2022-31488 HIGH
Inout Blockchain AltExchanger <1.2.1 - SQL Injection
CVSS 7.5
CVE-2022-31487 HIGH
Inout Blockchain <1.2.1, <2.2.1 - SQL Injection
CVSS 7.5
CVE-2022-1014 CRITICAL
WP Contacts Manager < 2.2.4 - SQL Injection via POST Data
CVSS 9.8
CVE-2022-0781 CRITICAL
Nirweb support WP <2.8.2 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,812
Exploit Likelihood High