CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,812 vulnerabilities with CWE-89
CVE-2022-30378 HIGH
Simple Social Networking Site 1.0 - SQL Injection via View Post ID Parameter
CVSS 7.2
CVE-2022-30376 HIGH
Simple Social Networking Site 1.0 - SQL Injection via Member ID Parameter
CVSS 7.2
CVE-2022-30374 HIGH
Air Cargo Management System 1.0 - SQL Injection via Transaction ID Parameter
CVSS 7.2
CVE-2022-30373 HIGH
Air Cargo Management System 1.0 - SQL Injection via Cargo Type ID Parameter
CVSS 7.2
CVE-2022-30372 HIGH
Air Cargo Management System 1.0 - SQL Injection via Master.php delete_cargo Parameter
CVSS 7.2
CVE-2022-30371 HIGH
Air Cargo Management System 1.0 - SQL Injection via Cargo Type ID Parameter
CVSS 7.2
CVE-2022-30370 CRITICAL
Air Cargo Management System 1.0 - SQL Injection via Master.php delete_cargo_type Parameter
CVSS 9.8
CVE-2022-29383 CRITICAL
NETGEAR ProSafe SSL VPN - SQL Injection
CVSS 9.8
CVE-2022-30002 HIGH
Insurance Management System 1.0 - SQL Injection via nominee_id Parameter
CVSS 7.2
CVE-2022-30001 CRITICAL
Insurance Management System 1.0 - SQL Injection via agent_id Parameter
CVSS 9.8
CVE-2022-30000 CRITICAL
Insurance Management System 1.0 - SQL Injection via Receipt Number Parameter
CVSS 9.8
CVE-2022-29999 CRITICAL
Insurance Management System 1.0 - SQL Injection via client_id Parameter
CVSS 9.8
CVE-2022-29998 CRITICAL
Insurance Management System 1.0 - SQL Injection via clientStatus.php client_id Parameter
CVSS 9.8
CVE-2022-29746 CRITICAL
Money Transfer Management System 1.0 - SQL Injection via Users.php Delete Parameter
CVSS 9.8
CVE-2022-29745 CRITICAL
Money Transfer Management System 1.0 - SQL Injection via Master.php delete_transaction Parameter
CVSS 9.8
CVE-2022-29741 CRITICAL
Money Transfer Management System 1.0 - SQL Injection via Master.php delete_fee Parameter
CVSS 9.8
CVE-2022-29739 CRITICAL
Money Transfer Management System 1.0 - SQL Injection via User Management Page ID Parameter
CVSS 9.8
CVE-2022-29738 CRITICAL
Money Transfer Management System 1.0 - SQL Injection via Transaction ID Parameter
CVSS 9.8
CVE-2022-29306 CRITICAL
IonizeCMS 1.0.8.1 - SQL Injection via id_page Parameter
CVSS 9.8
CVE-2022-22413 CRITICAL
IBM Robotic Process Automation <21.0.2 - SQL Injection
CVSS 9.8
CVE-2022-29995 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Manage Client ID Parameter
CVSS 9.8
CVE-2022-29994 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Manage Facility ID Parameter
CVSS 9.8
CVE-2022-29993 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-29992 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via manage_category.php id Parameter
CVSS 9.8
CVE-2022-29990 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via view_category.php id Parameter
CVSS 9.8
Details
Vulnerabilities 19,812
Exploit Likelihood High