CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,812 vulnerabilities with CWE-89
CVE-2022-29989 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Master.php delete_booking Parameter
CVSS 9.8
CVE-2022-29988 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Master.php Delete Parameter
CVSS 9.8
CVE-2022-29987 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via manage_user ID Parameter
CVSS 9.8
CVE-2022-29986 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Master.php delete_facility Parameter
CVSS 9.8
CVE-2022-29985 CRITICAL
Online Sports Complex Booking System 1.0 - SQL Injection via Master.php delete_category Parameter
CVSS 9.8
CVE-2022-29984 CRITICAL
Simple Client Management System 1.0 - SQL Injection via Client View Page ID Parameter
CVSS 9.8
CVE-2022-29983 CRITICAL
Simple Client Management System 1.0 - SQL Injection via Invoice ID Parameter
CVSS 9.8
CVE-2022-29982 CRITICAL
Simple Client Management System 1.0 - SQL Injection via manage_service.php id Parameter
CVSS 9.8
CVE-2022-29981 CRITICAL
Simple Client Management System 1.0 - SQL Injection via Users.php Delete Parameter
CVSS 9.8
CVE-2022-29980 CRITICAL
Simple Client Management System 1.0 - SQL Injection via User Management ID Parameter
CVSS 9.8
CVE-2022-29979 CRITICAL
Simple Client Management System 1.0 - SQL Injection via Master.php delete_designation Parameter
CVSS 9.8
CVE-2022-29751 CRITICAL
Simple Client Management System 1.0 - SQL Injection via Master.php delete_client Parameter
CVSS 9.8
CVE-2022-29750 CRITICAL
Simple Client Management System 1.0 - SQL Injection via Master.php delete_service Parameter
CVSS 9.8
CVE-2022-29749 CRITICAL
Simple Client Management System 1.0 - SQL Injection via Master.php delete_invoice Parameter
CVSS 9.8
CVE-2022-29748 CRITICAL
Simple Client Management System 1.0 - SQL Injection via Client ID Parameter
CVSS 9.8
CVE-2022-29747 CRITICAL
Simple Client Management System 1.0 - SQL Injection via Invoice ID Parameter
CVSS 9.8
CVE-2022-30451 HIGH
waimairenCMS - Authenticated SQL Injection
CVSS 8.8
CVE-2022-30449 CRITICAL
Hospital Management System 1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2022-30452 HIGH
shopwind <= 3.4.2 - SQL Injection in Database.php
CVSS 7.2
CVE-2022-30048 CRITICAL
Mingsoft MCMS 5.2.7 - SQL Injection via /mdiy/dict/list orderBy Parameter
CVSS 9.8
CVE-2022-30047 CRITICAL
Mingsoft MCMS v5.2.7 - SQL Injection via /mdiy/dict/listExcludeApp orderBy Parameter
CVSS 9.8
CVE-2022-29009 CRITICAL
Cyber Cafe Management System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2022-29007 CRITICAL
Dairy Farm Shop Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-29006 CRITICAL
Directory Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-29656 CRITICAL
Wedding Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
Details
Vulnerabilities 19,812
Exploit Likelihood High