CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,816 vulnerabilities with CWE-89
CVE-2022-1281 CRITICAL
10web Photo Gallery < 1.6.3 - SQL Injection via filter_tag Parameter
CVSS 9.8
CVE-2022-0783 CRITICAL
Multiple Shipping Address Woocommerce < 2.0.0 - Unauthenticated SQL Injection via AJAX Parameters
CVSS 9.8
CVE-2022-0773 CRITICAL
Documentor WP <1.5.3 - SQL Injection
CVSS 9.8
CVE-2022-0771 CRITICAL
SiteSuperCharger <5.2.0 - SQL Injection
CVSS 9.8
CVE-2022-27466 CRITICAL
MCMS v5.2.27 - SQL Injection via orderBy Parameter
CVSS 9.8
CVE-2022-28452 CRITICAL
Red Planet Laundry Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-1531 CRITICAL
rtx < 2022-04-20 - SQL Injection in ARAX-UI Synonym Lookup
CVSS 9.8
CVE-2022-29904 CRITICAL
MediaWiki SemanticDrilldown < 1.37.2 - SQL Injection via Constraint Handling
CVSS 9.8
CVE-2022-28060 HIGH
Victor CMS 1.0 - SQL Injection via user_name Parameter
CVSS 7.5
CVE-2022-29411 HIGH
Mufeng's Hermit <3.1.6 - SQL Injection
CVSS 8.3
CVE-2022-29410 HIGH
Mufeng's Hermit <= 3.1.6 - SQL Injection
CVSS 7.4
CVE-2022-28524 CRITICAL
ed01-cms v20180505 - SQL Injection via post.php
CVSS 9.8
CVE-2022-27985 CRITICAL
CuppaCMS 1.0 - SQL Injection via Alert Lightbox Endpoint
CVSS 9.8
CVE-2022-27984 CRITICAL
CuppaCMS 1.0 - SQL Injection via menu_filter Parameter
CVSS 9.8
CVE-2022-27299 CRITICAL
Hospital Management System v1.0 - SQL Injection via room.php
CVSS 9.8
CVE-2022-29419 MEDIUM
3xSocializer <= 0.98.22 - Authenticated SQL Injection
CVSS 6.0
CVE-2022-0782 CRITICAL
Donations WordPress <1.8 - SQL Injection
CVSS 9.8
CVE-2022-0769 CRITICAL
Users Ultra WP <3.1.0 - SQL Injection
CVSS 9.8
CVE-2022-0693 CRITICAL
Master Elements WP <8.0 - SQL Injection
CVSS 9.8
CVE-2022-0657 CRITICAL
5 Stars Rating Funnel WordPress Plugin <1.2.54 - SQL Injection
CVSS 9.8
CVE-2022-29603 HIGH
universis-api < 1.2.1 - Authenticated SQL Injection via $select Parameter
CVSS 8.1
CVE-2022-27342 CRITICAL
link-admin v0.0.1 - SQL Injection via DictRest.ResponseResult()
CVSS 9.8
CVE-2022-27341 CRITICAL
JFinalCMS v2.0 - SQL Injection via Article Management Function
CVSS 9.8
CVE-2022-1429 HIGH
pimcore < 10.3.6 - SQL Injection in GridHelperService.php
CVSS 7.5
CVE-2022-28439 CRITICAL
Baby Care System v1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,816
Exploit Likelihood High