CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,816 vulnerabilities with CWE-89
CVE-2022-1281
CRITICAL
10web Photo Gallery < 1.6.3 - SQL Injection via filter_tag Parameter
CVSS 9.8
CVE-2022-0783
CRITICAL
Multiple Shipping Address Woocommerce < 2.0.0 - Unauthenticated SQL Injection via AJAX Parameters
CVSS 9.8
CVE-2022-0773
CRITICAL
Documentor WP <1.5.3 - SQL Injection
CVSS 9.8
CVE-2022-0771
CRITICAL
SiteSuperCharger <5.2.0 - SQL Injection
CVSS 9.8
CVE-2022-27466
CRITICAL
MCMS v5.2.27 - SQL Injection via orderBy Parameter
CVSS 9.8
CVE-2022-28452
CRITICAL
Red Planet Laundry Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2022-1531
CRITICAL
rtx < 2022-04-20 - SQL Injection in ARAX-UI Synonym Lookup
CVSS 9.8
CVE-2022-29904
CRITICAL
MediaWiki SemanticDrilldown < 1.37.2 - SQL Injection via Constraint Handling
CVSS 9.8
CVE-2022-28060
HIGH
Victor CMS 1.0 - SQL Injection via user_name Parameter
CVSS 7.5
CVE-2022-29411
HIGH
Mufeng's Hermit <3.1.6 - SQL Injection
CVSS 8.3
CVE-2022-29410
HIGH
Mufeng's Hermit <= 3.1.6 - SQL Injection
CVSS 7.4
CVE-2022-28524
CRITICAL
ed01-cms v20180505 - SQL Injection via post.php
CVSS 9.8
CVE-2022-27985
CRITICAL
CuppaCMS 1.0 - SQL Injection via Alert Lightbox Endpoint
CVSS 9.8
CVE-2022-27984
CRITICAL
CuppaCMS 1.0 - SQL Injection via menu_filter Parameter
CVSS 9.8
CVE-2022-27299
CRITICAL
Hospital Management System v1.0 - SQL Injection via room.php
CVSS 9.8
CVE-2022-29419
MEDIUM
3xSocializer <= 0.98.22 - Authenticated SQL Injection
CVSS 6.0
CVE-2022-0782
CRITICAL
Donations WordPress <1.8 - SQL Injection
CVSS 9.8
CVE-2022-0769
CRITICAL
Users Ultra WP <3.1.0 - SQL Injection
CVSS 9.8
CVE-2022-0693
CRITICAL
Master Elements WP <8.0 - SQL Injection
CVSS 9.8
CVE-2022-0657
CRITICAL
5 Stars Rating Funnel WordPress Plugin <1.2.54 - SQL Injection
CVSS 9.8
CVE-2022-29603
HIGH
universis-api < 1.2.1 - Authenticated SQL Injection via $select Parameter
CVSS 8.1
CVE-2022-27342
CRITICAL
link-admin v0.0.1 - SQL Injection via DictRest.ResponseResult()
CVSS 9.8
CVE-2022-27341
CRITICAL
JFinalCMS v2.0 - SQL Injection via Article Management Function
CVSS 9.8
CVE-2022-1429
HIGH
pimcore < 10.3.6 - SQL Injection in GridHelperService.php
CVSS 7.5
CVE-2022-28439
CRITICAL
Baby Care System v1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,816
Exploit Likelihood
High