CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,812 vulnerabilities with CWE-89
CVE-2022-28531 CRITICAL
Sourcecodester Covid-19 Dir - SQL Injection
CVSS 9.8
CVE-2022-30886 CRITICAL
School Dormitory Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-30518 CRITICAL
ChatBot Application with a Suggestion Feature 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-28105 CRITICAL
Online Sports Complex Booking System 1.0 - Blind SQL Injection via id Parameter
CVSS 9.8
CVE-2022-26633 CRITICAL
Simple Student Quarterly Result/Grade System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-26632 CRITICAL
Multi-Vendor Online Groceries Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-29652 MEDIUM
Online Sports Complex Booking System 1.0 - SQL Injection via Users.php Save Client Parameter
CVSS 6.1
CVE-2022-29304 HIGH
Online Sports Complex Booking System 1.0 - SQL Injection
CVSS 8.8
CVE-2022-28962 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-28961 HIGH
Spip Web Framework <v3.1.13 - SQL Injection
CVSS 8.8
CVE-2022-30599 CRITICAL
Moodle 3.9-3.9.13 and 4.0 - SQL Injection in Badges Criteria Configuration
CVSS 9.8
CVE-2022-1361 HIGH
Cambium Networks cnMaestro - Unauthenticated SQL Injection
CVSS 7.4
CVE-2022-1358 MEDIUM
Cambium Networks cnMaestro - SQL Injection
CVSS 5.9
CVE-2022-30054 CRITICAL
Covid 19 Travel Pass Management 1.0 - SQL Injection via Code Parameter
CVSS 9.8
CVE-2022-30053 CRITICAL
Toll Tax Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-30052 CRITICAL
Home Clean Service System 1.0 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2022-24391 HIGH
Fidelis Network & Deception <9.4.5 - SQL Injection
CVSS 8.8
CVE-2022-1731 CRITICAL
Metasonic Doc WebClient 7.0.3.0-7.0.14.0 - SQL Injection via Username Field
CVSS 9.8
CVE-2022-1182 HIGH
Visual Slide Box Builder < 3.2.9 - Authenticated SQL Injection via AJAX Parameters
CVSS 8.8
CVE-2022-0867 CRITICAL
Pricing Table WordPress Plugin < 3.6.1 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-30012 HIGH
hospital_management_system v.0 - SQL Injection via Appointment POST Parameters
CVSS 7.5
CVE-2022-30011 CRITICAL
Hospital Management System 1.0 - SQL Injection via Appointment POST Parameters
CVSS 9.8
CVE-2022-30765 CRITICAL
Calibre-Web <0.6.18 - SQL Injection
CVSS 9.8
CVE-2022-28930 CRITICAL
ERP-Pro 3.7.5 - SQL Injection via SysEveMenuAuthPointMapper.xml
CVSS 9.8
CVE-2022-28929 CRITICAL
Hospital Management System v1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,812
Exploit Likelihood High