CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,812 vulnerabilities with CWE-89
CVE-2022-30378
HIGH
Simple Social Networking Site 1.0 - SQL Injection via View Post ID Parameter
CVSS 7.2
CVE-2022-30376
HIGH
Simple Social Networking Site 1.0 - SQL Injection via Member ID Parameter
CVSS 7.2
CVE-2022-30374
HIGH
Air Cargo Management System 1.0 - SQL Injection via Transaction ID Parameter
CVSS 7.2
CVE-2022-30373
HIGH
Air Cargo Management System 1.0 - SQL Injection via Cargo Type ID Parameter
CVSS 7.2
CVE-2022-30372
HIGH
Air Cargo Management System 1.0 - SQL Injection via Master.php delete_cargo Parameter
CVSS 7.2
CVE-2022-30371
HIGH
Air Cargo Management System 1.0 - SQL Injection via Cargo Type ID Parameter
CVSS 7.2
CVE-2022-30370
CRITICAL
Air Cargo Management System 1.0 - SQL Injection via Master.php delete_cargo_type Parameter
CVSS 9.8
CVE-2022-29383
CRITICAL
NETGEAR ProSafe SSL VPN - SQL Injection
CVSS 9.8
CVE-2022-30002
HIGH
Insurance Management System 1.0 - SQL Injection via nominee_id Parameter
CVSS 7.2
CVE-2022-30001
CRITICAL
Insurance Management System 1.0 - SQL Injection via agent_id Parameter
CVSS 9.8
CVE-2022-30000
CRITICAL
Insurance Management System 1.0 - SQL Injection via Receipt Number Parameter
CVSS 9.8
CVE-2022-29999
CRITICAL
Insurance Management System 1.0 - SQL Injection via client_id Parameter
CVSS 9.8
CVE-2022-29998
CRITICAL
Insurance Management System 1.0 - SQL Injection via clientStatus.php client_id Parameter
CVSS 9.8
CVE-2022-29746
CRITICAL
Money Transfer Management System 1.0 - SQL Injection via Users.php Delete Parameter
CVSS 9.8
CVE-2022-29745
CRITICAL
Money Transfer Management System 1.0 - SQL Injection via Master.php delete_transaction Parameter
CVSS 9.8
CVE-2022-29741
CRITICAL
Money Transfer Management System 1.0 - SQL Injection via Master.php delete_fee Parameter
CVSS 9.8
CVE-2022-29739
CRITICAL
Money Transfer Management System 1.0 - SQL Injection via User Management Page ID Parameter
CVSS 9.8
CVE-2022-29738
CRITICAL
Money Transfer Management System 1.0 - SQL Injection via Transaction ID Parameter
CVSS 9.8
CVE-2022-29306
CRITICAL
IonizeCMS 1.0.8.1 - SQL Injection via id_page Parameter
CVSS 9.8
CVE-2022-22413
CRITICAL
IBM Robotic Process Automation <21.0.2 - SQL Injection
CVSS 9.8
CVE-2022-29995
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Manage Client ID Parameter
CVSS 9.8
CVE-2022-29994
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Manage Facility ID Parameter
CVSS 9.8
CVE-2022-29993
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-29992
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via manage_category.php id Parameter
CVSS 9.8
CVE-2022-29990
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via view_category.php id Parameter
CVSS 9.8
Details
Vulnerabilities
19,812
Exploit Likelihood
High