CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,812 vulnerabilities with CWE-89
CVE-2022-29317
CRITICAL
Simple Bus Ticket Booking System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-29316
CRITICAL
Complete Online Job Search System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-26116
HIGH
FortiNAC <= 8.3.7, 8.5.2, 8.5.4, 8.6.0, <= 8.6.5, <= 8.7.6, <= 8.8.11, <= 9.1.5, <= 9.2.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2022-1505
CRITICAL
RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection via rsvpmaker-api-endpoints.php
CVSS 9.8
CVE-2022-1453
CRITICAL
RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection in rsvpmaker-util.php
CVSS 9.8
CVE-2022-28110
CRITICAL
Hotel Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2022-30335
CRITICAL
Bonanza Wealth Management System 7.3.2 - SQL Injection via Login Form User Name Field
CVSS 9.8
CVE-2022-27412
CRITICAL
Explore CMS 1.0 - SQL Injection via Page ID Parameter
CVSS 9.8
CVE-2022-1013
CRITICAL
Personal Dictionary WordPress Plugin < 1.3.4 - Blind SQL Injection via POST Data
CVSS 9.8
CVE-2022-0948
CRITICAL
Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQL Injection via REST Route id Parameter
CVSS 9.8
CVE-2022-0836
CRITICAL
SEMA API < 4.02 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2022-0826
CRITICAL
WP Video Gallery < 1.7.1 - Unauthenticated SQL Injection via AJAX Parameter
CVSS 9.8
CVE-2022-0817
CRITICAL
BadgeOS < 3.7.0 - Unauthenticated SQL Injection via AJAX Action Parameter
CVSS 9.8
CVE-2022-0814
CRITICAL
Ubigeo de Per para Woocommerce < 3.6.4 - Unauthenticated SQL Injection via AJAX Parameters
CVSS 9.8
CVE-2022-0592
CRITICAL
MapSVG < 6.2.20 - Unauthenticated SQL Injection via REST Endpoint
CVSS 9.8
CVE-2022-28163
CRITICAL
Brocade SANnav < 2.2.0 - SQL Injection via Zone Management Endpoints
CVSS 9.8
CVE-2022-29535
CRITICAL
Zoho ManageEngine OPManager through 125588 - SQL Injection via Default Reports
CVSS 9.8
CVE-2022-27360
CRITICAL
SpringBlade <= 3.2.0 - SQL Injection via customSqlSegment
CVSS 9.8
CVE-2022-28533
CRITICAL
Sourcecodester Medical Hub Directory Site 1.0 - SQL Injection
CVSS 9.8
CVE-2022-28530
CRITICAL
Sourcecodester Covid-19 Dir - SQL Injection
CVSS 9.8
CVE-2022-28080
HIGH
Royal Event Management System 1.0 - SQL Injection via todate Parameter
CVSS 8.8
CVE-2022-28079
HIGH
College Management System 1.0 - SQL Injection via course_code Parameter
CVSS 8.8
CVE-2022-28461
CRITICAL
mingyuefusu Library Management System - SQL Injection
CVSS 9.8
CVE-2022-29938
HIGH
LibreHealth EHR 2.0.0 - SQL Injection via payment_id Parameter
CVSS 8.8
CVE-2022-29155
CRITICAL
OpenLDAP <2.5.12 & <2.6.2 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,812
Exploit Likelihood
High