CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,812 vulnerabilities with CWE-89
CVE-2022-24831
HIGH
OpenClinica < 3.13.1 - SQL Injection
CVSS 8.3
CVE-2022-30417
HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via User Management ID Parameter
CVSS 7.2
CVE-2022-30415
HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via Update Status ID Parameter
CVSS 7.2
CVE-2022-30414
HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via View Application ID Parameter
CVSS 7.2
CVE-2022-30413
CRITICAL
Covid-19 Travel Pass Management System 1.0 - SQL Injection via Master.php delete_application Parameter
CVSS 9.8
CVE-2022-30412
HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via Update Status ID Parameter
CVSS 7.2
CVE-2022-30411
HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via Individuals View ID Parameter
CVSS 7.2
CVE-2022-30407
CRITICAL
Pharmacy Sales And Inventory System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 9.8
CVE-2022-30404
HIGH
College Management System 1.0 - SQL Injection via Teacher ID Parameter
CVSS 7.2
CVE-2022-30403
HIGH
Merchandise Online Store v1.0 - SQL Injection via Product Category Parameter
CVSS 7.2
CVE-2022-30402
HIGH
Merchandise Online Store v1.0 - SQL Injection via Sub-Category ID Parameter
CVSS 7.2
CVE-2022-30401
HIGH
Merchandise Online Store v1.0 - SQL Injection via View Product ID Parameter
CVSS 7.2
CVE-2022-30400
HIGH
Merchandise Online Store v1.0 - SQL Injection via view_order.php id Parameter
CVSS 7.2
CVE-2022-30399
HIGH
Merchandise Online Store v1.0 - SQL Injection via Manage Category ID Parameter
CVSS 7.2
CVE-2022-30398
HIGH
Merchandise Online Store 1.0 - SQL Injection via Order View ID Parameter
CVSS 7.2
CVE-2022-30396
HIGH
Merchandise Online Store 1.0 - SQL Injection via Inventory Management ID Parameter
CVSS 7.2
CVE-2022-30395
CRITICAL
Merchandise Online Store 1.0 - SQL Injection via delete_cart Parameter
CVSS 9.8
CVE-2022-30393
HIGH
Merchandise Online Store 1.0 - SQL Injection via Product Management ID Parameter
CVSS 7.2
CVE-2022-30392
CRITICAL
Merchandise Online Store v1.0 - SQL Injection via Master.php delete_sub_category Parameter
CVSS 9.8
CVE-2022-30391
CRITICAL
Merchandise Online Store 1.0 - SQL Injection via delete_category Parameter
CVSS 9.8
CVE-2022-30387
CRITICAL
Merchandise Online Store v1.0 - SQL Injection via Master.php pay_order Parameter
CVSS 9.8
CVE-2022-30386
CRITICAL
Merchandise Online Store 1.0 - SQL Injection via Master.php delete_featured Parameter
CVSS 9.8
CVE-2022-30385
CRITICAL
Merchandise Online Store v1.0 - SQL Injection via Master.php delete_order Parameter
CVSS 9.8
CVE-2022-30384
CRITICAL
Merchandise Online Store v1.0 - SQL Injection via Master.php delete_inventory Parameter
CVSS 9.8
CVE-2022-30379
HIGH
Simple Social Networking Site 1.0 - SQL Injection via User Management ID Parameter
CVSS 7.2
Details
Vulnerabilities
19,812
Exploit Likelihood
High