CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,812 vulnerabilities with CWE-89
CVE-2022-28552
HIGH
cscms 4.1 - Authenticated SQL Injection via Song Recycle Bin
CVSS 8.8
CVE-2022-28512
CRITICAL
Sourcecodester Fantastic Blog CMS 1.0 - SQL Injection
CVSS 9.8
CVE-2022-28099
HIGH
Poultry Farm Management System 1.0 - SQL Injection via Item Parameter
CVSS 8.8
CVE-2022-28111
CRITICAL
MyBatis PageHelper 1.0-3.7.0, 4.0.0-5.0.0, 5.1.0-5.3.0 - Time-Blind SQL Injection via orderBy Parameter
CVSS 9.8
CVE-2022-27431
CRITICAL
wuzhicms v4.1.0 - SQL Injection via groupid Parameter
CVSS 9.8
CVE-2022-27420
CRITICAL
Hospital Management System 1.0 - SQL Injection via patient_contact Parameter
CVSS 9.8
CVE-2022-27413
CRITICAL
Hospital Management System 1.0 - SQL Injection via adminname Parameter
CVSS 9.8
CVE-2022-28585
CRITICAL
EmpireCMS 7.5 - SQL Injection in AdClass.php
CVSS 9.8
CVE-2022-28505
HIGH
jfinal_cms 5.1.0 - SQL Injection via LogController
CVSS 7.2
CVE-2022-27962
CRITICAL
Bluecms 1.6 - SQL Injection via Cookie
CVSS 9.8
CVE-2022-1378
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_pgHandler.ashx
CVSS 9.8
CVE-2022-1377
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_rltHandler.ashx
CVSS 9.8
CVE-2022-1376
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_privgrpHandler.ashx
CVSS 9.8
CVE-2022-1375
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_slogHandler.ashx
CVSS 9.8
CVE-2022-1374
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_unHandler.ashx
CVSS 9.8
CVE-2022-1372
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via dlSlog.aspx
CVSS 9.8
CVE-2022-1371
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via ReadRegf
CVSS 9.8
CVE-2022-1370
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via ReadREGbyID
CVSS 9.8
CVE-2022-1369
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via ReadRegIND
CVSS 9.8
CVE-2022-1367
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via Handler_TCV.ashx
CVSS 9.8
CVE-2022-1366
CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via HandlerChart.ashx
CVSS 9.8
CVE-2022-1281
CRITICAL
10web Photo Gallery < 1.6.3 - SQL Injection via filter_tag Parameter
CVSS 9.8
CVE-2022-0783
CRITICAL
Multiple Shipping Address Woocommerce < 2.0.0 - Unauthenticated SQL Injection via AJAX Parameters
CVSS 9.8
CVE-2022-0773
CRITICAL
Documentor WP <1.5.3 - SQL Injection
CVSS 9.8
CVE-2022-0771
CRITICAL
SiteSuperCharger <5.2.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,812
Exploit Likelihood
High