CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,812 vulnerabilities with CWE-89
CVE-2022-29664
HIGH
CSCMS Music Portal System v4.2 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-29663
HIGH
CSCMS Music Portal System v4.2 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-29662
HIGH
CSCMS Music Portal System v4.2 - SQL Injection via id Parameter
CVSS 7.2
CVE-2022-29661
HIGH
CSCMS Music Portal System v4.2 - Blind SQL Injection via id Parameter
CVSS 7.2
CVE-2022-29660
CRITICAL
CSCMS Music Portal System v4.2 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-29721
HIGH
74cmsse 3.5.1 - SQL Injection via Resume List Keyword Parameter
CVSS 7.5
CVE-2022-29650
CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Search Parameter
CVSS 9.8
CVE-2022-28862
CRITICAL
Archibus Web Central <26.2 - SQL Injection
CVSS 9.8
CVE-2022-1883
HIGH
camptocamp/terraboard <2.2.0 - SQL Injection
CVSS 8.8
CVE-2022-22495
HIGH
IBM i 7.3-7.5 - SQL Injection
CVSS 8.8
CVE-2022-30843
HIGH
Room-rent-portal-site v1.0 - SQL Injection
CVSS 8.8
CVE-2022-30838
CRITICAL
Covid-19 Travel Pass Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-30463
HIGH
Automotive Shop Management System 1.0 - SQL Injection via delete_product Parameter
CVSS 8.8
CVE-2022-30461
CRITICAL
water_billing_system v1.0 - SQL Injection via Master.php delete_client Parameter
CVSS 9.8
CVE-2022-30459
HIGH
ChatBot App with Suggestion 1.0 - SQL Injection via Master.php id Parameter
CVSS 8.8
CVE-2022-30455
CRITICAL
Badminton Center Management System 1.0 - SQL Injection via Court Rental Deletion Parameter
CVSS 9.8
CVE-2022-30454
CRITICAL
Merchandise Online Store 1.0 - SQL Injection via Master.php delete_product Parameter
CVSS 9.8
CVE-2022-1839
MEDIUM
Home Clean Services Management System 1.0 - Authenticated SQL Injection via Login Email Parameter
CVSS 6.3
CVE-2022-1838
MEDIUM
Home Clean Services Management System 1.0 - Authenticated SQL Injection via admin/login.php Username Parameter
CVSS 4.7
CVE-2022-29305
HIGH
imgurl 2.31 - Blind SQL Injection via /upload/localhost
CVSS 8.1
CVE-2022-31489
HIGH
Inout Blockchain AltExchanger 1.2.1 - SQL Injection
CVSS 7.5
CVE-2022-31488
HIGH
Inout Blockchain AltExchanger <1.2.1 - SQL Injection
CVSS 7.5
CVE-2022-31487
HIGH
Inout Blockchain <1.2.1, <2.2.1 - SQL Injection
CVSS 7.5
CVE-2022-1014
CRITICAL
WP Contacts Manager < 2.2.4 - SQL Injection via POST Data
CVSS 9.8
CVE-2022-0781
CRITICAL
Nirweb support WP <2.8.2 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,812
Exploit Likelihood
High