CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,816 vulnerabilities with CWE-89
CVE-2022-28030
CRITICAL
Simple Real Estate Portal System 1.0 - SQL Injection via Master.php delete_estate Parameter
CVSS 9.8
CVE-2022-28029
CRITICAL
Simple Real Estate Portal System 1.0 - SQL Injection via Master.php delete_type Parameter
CVSS 9.8
CVE-2022-28028
CRITICAL
Simple Real Estate Portal System 1.0 - SQL Injection via Master.php delete_amenity Parameter
CVSS 9.8
CVE-2022-28026
CRITICAL
Student Grading System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-28025
CRITICAL
Student Grading System 1.0 - SQL Injection via school_year Parameter
CVSS 9.8
CVE-2022-28024
CRITICAL
Student Grading System 1.0 - SQL Injection via rms.php grade Parameter
CVSS 9.8
CVE-2022-28023
CRITICAL
Purchase Order Management System 1.0 - SQL Injection via Master.php delete_supplier Parameter
CVSS 9.8
CVE-2022-28022
CRITICAL
Purchase Order Management System 1.0 - SQL Injection via Master.php delete_item Parameter
CVSS 9.8
CVE-2022-28020
HIGH
Attendance and Payroll System 1.0 - SQL Injection via Position Edit Component
CVSS 8.8
CVE-2022-28019
HIGH
Attendance and Payroll System 1.0 - SQL Injection via Employee Edit Component
CVSS 8.8
CVE-2022-28018
HIGH
Attendance and Payroll System 1.0 - SQL Injection via Schedule Edit Component
CVSS 8.8
CVE-2022-28017
HIGH
Attendance and Payroll System 1.0 - SQL Injection via overtime_edit.php
CVSS 8.8
CVE-2022-28016
HIGH
Attendance and Payroll System 1.0 - SQL Injection via deduction_edit.php
CVSS 8.8
CVE-2022-28015
HIGH
Attendance and Payroll System 1.0 - SQL Injection via Cash Advance Edit Component
CVSS 8.8
CVE-2022-28014
HIGH
Attendance and Payroll System 1.0 - SQL Injection via attendance_edit.php
CVSS 8.8
CVE-2022-28013
HIGH
Attendance and Payroll System 1.0 - SQL Injection via schedule_employee_edit.php
CVSS 8.8
CVE-2022-28012
HIGH
Attendance and Payroll System 1.0 - SQL Injection via Position Delete Component
CVSS 8.8
CVE-2022-28011
HIGH
Attendance and Payroll System 1.0 - SQL Injection via schedule_delete.php
CVSS 8.8
CVE-2022-28010
HIGH
Attendance and Payroll System 1.0 - SQL Injection via Overtime Delete Component
CVSS 8.8
CVE-2022-28009
HIGH
Attendance and Payroll System 1.0 - SQL Injection via Attendance Delete Component
CVSS 8.8
CVE-2022-28008
HIGH
Attendance and Payroll System 1.0 - SQL Injection via attendance_delete.php
CVSS 8.8
CVE-2022-28007
HIGH
Attendance and Payroll System 1.0 - SQL Injection via Cash Advance Delete Component
CVSS 8.8
CVE-2022-28006
HIGH
Attendance and Payroll System 1.0 - SQL Injection via Employee Delete Component
CVSS 8.8
CVE-2022-20786
MEDIUM
Cisco Unified Communications Manager IM And Presence Service < 11.5\(1\)su11 - SQL Injection
CVSS 5.4
CVE-2022-29498
HIGH
Blazer < 2.6.0 - SQL Injection
CVSS 7.5
Details
Vulnerabilities
19,816
Exploit Likelihood
High