CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,812 vulnerabilities with CWE-89
CVE-2022-28531
CRITICAL
Sourcecodester Covid-19 Dir - SQL Injection
CVSS 9.8
CVE-2022-30886
CRITICAL
School Dormitory Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-30518
CRITICAL
ChatBot Application with a Suggestion Feature 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-28105
CRITICAL
Online Sports Complex Booking System 1.0 - Blind SQL Injection via id Parameter
CVSS 9.8
CVE-2022-26633
CRITICAL
Simple Student Quarterly Result/Grade System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-26632
CRITICAL
Multi-Vendor Online Groceries Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-29652
MEDIUM
Online Sports Complex Booking System 1.0 - SQL Injection via Users.php Save Client Parameter
CVSS 6.1
CVE-2022-29304
HIGH
Online Sports Complex Booking System 1.0 - SQL Injection
CVSS 8.8
CVE-2022-28962
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-28961
HIGH
Spip Web Framework <v3.1.13 - SQL Injection
CVSS 8.8
CVE-2022-30599
CRITICAL
Moodle 3.9-3.9.13 and 4.0 - SQL Injection in Badges Criteria Configuration
CVSS 9.8
CVE-2022-1361
HIGH
Cambium Networks cnMaestro - Unauthenticated SQL Injection
CVSS 7.4
CVE-2022-1358
MEDIUM
Cambium Networks cnMaestro - SQL Injection
CVSS 5.9
CVE-2022-30054
CRITICAL
Covid 19 Travel Pass Management 1.0 - SQL Injection via Code Parameter
CVSS 9.8
CVE-2022-30053
CRITICAL
Toll Tax Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-30052
CRITICAL
Home Clean Service System 1.0 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2022-24391
HIGH
Fidelis Network & Deception <9.4.5 - SQL Injection
CVSS 8.8
CVE-2022-1731
CRITICAL
Metasonic Doc WebClient 7.0.3.0-7.0.14.0 - SQL Injection via Username Field
CVSS 9.8
CVE-2022-1182
HIGH
Visual Slide Box Builder < 3.2.9 - Authenticated SQL Injection via AJAX Parameters
CVSS 8.8
CVE-2022-0867
CRITICAL
Pricing Table WordPress Plugin < 3.6.1 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-30012
HIGH
hospital_management_system v.0 - SQL Injection via Appointment POST Parameters
CVSS 7.5
CVE-2022-30011
CRITICAL
Hospital Management System 1.0 - SQL Injection via Appointment POST Parameters
CVSS 9.8
CVE-2022-30765
CRITICAL
Calibre-Web <0.6.18 - SQL Injection
CVSS 9.8
CVE-2022-28930
CRITICAL
ERP-Pro 3.7.5 - SQL Injection via SysEveMenuAuthPointMapper.xml
CVSS 9.8
CVE-2022-28929
CRITICAL
Hospital Management System v1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,812
Exploit Likelihood
High