CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,812 vulnerabilities with CWE-89
CVE-2022-29989
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Master.php delete_booking Parameter
CVSS 9.8
CVE-2022-29988
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Master.php Delete Parameter
CVSS 9.8
CVE-2022-29987
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via manage_user ID Parameter
CVSS 9.8
CVE-2022-29986
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Master.php delete_facility Parameter
CVSS 9.8
CVE-2022-29985
CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Master.php delete_category Parameter
CVSS 9.8
CVE-2022-29984
CRITICAL
Simple Client Management System 1.0 - SQL Injection via Client View Page ID Parameter
CVSS 9.8
CVE-2022-29983
CRITICAL
Simple Client Management System 1.0 - SQL Injection via Invoice ID Parameter
CVSS 9.8
CVE-2022-29982
CRITICAL
Simple Client Management System 1.0 - SQL Injection via manage_service.php id Parameter
CVSS 9.8
CVE-2022-29981
CRITICAL
Simple Client Management System 1.0 - SQL Injection via Users.php Delete Parameter
CVSS 9.8
CVE-2022-29980
CRITICAL
Simple Client Management System 1.0 - SQL Injection via User Management ID Parameter
CVSS 9.8
CVE-2022-29979
CRITICAL
Simple Client Management System 1.0 - SQL Injection via Master.php delete_designation Parameter
CVSS 9.8
CVE-2022-29751
CRITICAL
Simple Client Management System 1.0 - SQL Injection via Master.php delete_client Parameter
CVSS 9.8
CVE-2022-29750
CRITICAL
Simple Client Management System 1.0 - SQL Injection via Master.php delete_service Parameter
CVSS 9.8
CVE-2022-29749
CRITICAL
Simple Client Management System 1.0 - SQL Injection via Master.php delete_invoice Parameter
CVSS 9.8
CVE-2022-29748
CRITICAL
Simple Client Management System 1.0 - SQL Injection via Client ID Parameter
CVSS 9.8
CVE-2022-29747
CRITICAL
Simple Client Management System 1.0 - SQL Injection via Invoice ID Parameter
CVSS 9.8
CVE-2022-30451
HIGH
waimairenCMS - Authenticated SQL Injection
CVSS 8.8
CVE-2022-30449
CRITICAL
Hospital Management System 1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2022-30452
HIGH
shopwind <= 3.4.2 - SQL Injection in Database.php
CVSS 7.2
CVE-2022-30048
CRITICAL
Mingsoft MCMS 5.2.7 - SQL Injection via /mdiy/dict/list orderBy Parameter
CVSS 9.8
CVE-2022-30047
CRITICAL
Mingsoft MCMS v5.2.7 - SQL Injection via /mdiy/dict/listExcludeApp orderBy Parameter
CVSS 9.8
CVE-2022-29009
CRITICAL
Cyber Cafe Management System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-29007
CRITICAL
Dairy Farm Shop Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-29006
CRITICAL
Directory Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-29656
CRITICAL
Wedding Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
Details
Vulnerabilities
19,812
Exploit Likelihood
High