CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,812 vulnerabilities with CWE-89
CVE-2022-24831 HIGH
OpenClinica < 3.13.1 - SQL Injection
CVSS 8.3
CVE-2022-30417 HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via User Management ID Parameter
CVSS 7.2
CVE-2022-30415 HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via Update Status ID Parameter
CVSS 7.2
CVE-2022-30414 HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via View Application ID Parameter
CVSS 7.2
CVE-2022-30413 CRITICAL
Covid-19 Travel Pass Management System 1.0 - SQL Injection via Master.php delete_application Parameter
CVSS 9.8
CVE-2022-30412 HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via Update Status ID Parameter
CVSS 7.2
CVE-2022-30411 HIGH
Covid-19 Travel Pass Management System 1.0 - SQL Injection via Individuals View ID Parameter
CVSS 7.2
CVE-2022-30407 CRITICAL
Pharmacy Sales And Inventory System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 9.8
CVE-2022-30404 HIGH
College Management System 1.0 - SQL Injection via Teacher ID Parameter
CVSS 7.2
CVE-2022-30403 HIGH
Merchandise Online Store v1.0 - SQL Injection via Product Category Parameter
CVSS 7.2
CVE-2022-30402 HIGH
Merchandise Online Store v1.0 - SQL Injection via Sub-Category ID Parameter
CVSS 7.2
CVE-2022-30401 HIGH
Merchandise Online Store v1.0 - SQL Injection via View Product ID Parameter
CVSS 7.2
CVE-2022-30400 HIGH
Merchandise Online Store v1.0 - SQL Injection via view_order.php id Parameter
CVSS 7.2
CVE-2022-30399 HIGH
Merchandise Online Store v1.0 - SQL Injection via Manage Category ID Parameter
CVSS 7.2
CVE-2022-30398 HIGH
Merchandise Online Store 1.0 - SQL Injection via Order View ID Parameter
CVSS 7.2
CVE-2022-30396 HIGH
Merchandise Online Store 1.0 - SQL Injection via Inventory Management ID Parameter
CVSS 7.2
CVE-2022-30395 CRITICAL
Merchandise Online Store 1.0 - SQL Injection via delete_cart Parameter
CVSS 9.8
CVE-2022-30393 HIGH
Merchandise Online Store 1.0 - SQL Injection via Product Management ID Parameter
CVSS 7.2
CVE-2022-30392 CRITICAL
Merchandise Online Store v1.0 - SQL Injection via Master.php delete_sub_category Parameter
CVSS 9.8
CVE-2022-30391 CRITICAL
Merchandise Online Store 1.0 - SQL Injection via delete_category Parameter
CVSS 9.8
CVE-2022-30387 CRITICAL
Merchandise Online Store v1.0 - SQL Injection via Master.php pay_order Parameter
CVSS 9.8
CVE-2022-30386 CRITICAL
Merchandise Online Store 1.0 - SQL Injection via Master.php delete_featured Parameter
CVSS 9.8
CVE-2022-30385 CRITICAL
Merchandise Online Store v1.0 - SQL Injection via Master.php delete_order Parameter
CVSS 9.8
CVE-2022-30384 CRITICAL
Merchandise Online Store v1.0 - SQL Injection via Master.php delete_inventory Parameter
CVSS 9.8
CVE-2022-30379 HIGH
Simple Social Networking Site 1.0 - SQL Injection via User Management ID Parameter
CVSS 7.2
Details
Vulnerabilities 19,812
Exploit Likelihood High