CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,812 vulnerabilities with CWE-89
CVE-2022-28552 HIGH
cscms 4.1 - Authenticated SQL Injection via Song Recycle Bin
CVSS 8.8
CVE-2022-28512 CRITICAL
Sourcecodester Fantastic Blog CMS 1.0 - SQL Injection
CVSS 9.8
CVE-2022-28099 HIGH
Poultry Farm Management System 1.0 - SQL Injection via Item Parameter
CVSS 8.8
CVE-2022-28111 CRITICAL
MyBatis PageHelper 1.0-3.7.0, 4.0.0-5.0.0, 5.1.0-5.3.0 - Time-Blind SQL Injection via orderBy Parameter
CVSS 9.8
CVE-2022-27431 CRITICAL
wuzhicms v4.1.0 - SQL Injection via groupid Parameter
CVSS 9.8
CVE-2022-27420 CRITICAL
Hospital Management System 1.0 - SQL Injection via patient_contact Parameter
CVSS 9.8
CVE-2022-27413 CRITICAL
Hospital Management System 1.0 - SQL Injection via adminname Parameter
CVSS 9.8
CVE-2022-28585 CRITICAL
EmpireCMS 7.5 - SQL Injection in AdClass.php
CVSS 9.8
CVE-2022-28505 HIGH
jfinal_cms 5.1.0 - SQL Injection via LogController
CVSS 7.2
CVE-2022-27962 CRITICAL
Bluecms 1.6 - SQL Injection via Cookie
CVSS 9.8
CVE-2022-1378 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_pgHandler.ashx
CVSS 9.8
CVE-2022-1377 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_rltHandler.ashx
CVSS 9.8
CVE-2022-1376 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_privgrpHandler.ashx
CVSS 9.8
CVE-2022-1375 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_slogHandler.ashx
CVSS 9.8
CVE-2022-1374 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via DIAE_unHandler.ashx
CVSS 9.8
CVE-2022-1372 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via dlSlog.aspx
CVSS 9.8
CVE-2022-1371 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via ReadRegf
CVSS 9.8
CVE-2022-1370 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via ReadREGbyID
CVSS 9.8
CVE-2022-1369 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via ReadRegIND
CVSS 9.8
CVE-2022-1367 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via Handler_TCV.ashx
CVSS 9.8
CVE-2022-1366 CRITICAL
Delta Electronics DIAEnergie < 1.8.02.004 - SQL Injection via HandlerChart.ashx
CVSS 9.8
CVE-2022-1281 CRITICAL
10web Photo Gallery < 1.6.3 - SQL Injection via filter_tag Parameter
CVSS 9.8
CVE-2022-0783 CRITICAL
Multiple Shipping Address Woocommerce < 2.0.0 - Unauthenticated SQL Injection via AJAX Parameters
CVSS 9.8
CVE-2022-0773 CRITICAL
Documentor WP <1.5.3 - SQL Injection
CVSS 9.8
CVE-2022-0771 CRITICAL
SiteSuperCharger <5.2.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,812
Exploit Likelihood High