CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,816 vulnerabilities with CWE-89
CVE-2022-28030 CRITICAL
Simple Real Estate Portal System 1.0 - SQL Injection via Master.php delete_estate Parameter
CVSS 9.8
CVE-2022-28029 CRITICAL
Simple Real Estate Portal System 1.0 - SQL Injection via Master.php delete_type Parameter
CVSS 9.8
CVE-2022-28028 CRITICAL
Simple Real Estate Portal System 1.0 - SQL Injection via Master.php delete_amenity Parameter
CVSS 9.8
CVE-2022-28026 CRITICAL
Student Grading System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-28025 CRITICAL
Student Grading System 1.0 - SQL Injection via school_year Parameter
CVSS 9.8
CVE-2022-28024 CRITICAL
Student Grading System 1.0 - SQL Injection via rms.php grade Parameter
CVSS 9.8
CVE-2022-28023 CRITICAL
Purchase Order Management System 1.0 - SQL Injection via Master.php delete_supplier Parameter
CVSS 9.8
CVE-2022-28022 CRITICAL
Purchase Order Management System 1.0 - SQL Injection via Master.php delete_item Parameter
CVSS 9.8
CVE-2022-28020 HIGH
Attendance and Payroll System 1.0 - SQL Injection via Position Edit Component
CVSS 8.8
CVE-2022-28019 HIGH
Attendance and Payroll System 1.0 - SQL Injection via Employee Edit Component
CVSS 8.8
CVE-2022-28018 HIGH
Attendance and Payroll System 1.0 - SQL Injection via Schedule Edit Component
CVSS 8.8
CVE-2022-28017 HIGH
Attendance and Payroll System 1.0 - SQL Injection via overtime_edit.php
CVSS 8.8
CVE-2022-28016 HIGH
Attendance and Payroll System 1.0 - SQL Injection via deduction_edit.php
CVSS 8.8
CVE-2022-28015 HIGH
Attendance and Payroll System 1.0 - SQL Injection via Cash Advance Edit Component
CVSS 8.8
CVE-2022-28014 HIGH
Attendance and Payroll System 1.0 - SQL Injection via attendance_edit.php
CVSS 8.8
CVE-2022-28013 HIGH
Attendance and Payroll System 1.0 - SQL Injection via schedule_employee_edit.php
CVSS 8.8
CVE-2022-28012 HIGH
Attendance and Payroll System 1.0 - SQL Injection via Position Delete Component
CVSS 8.8
CVE-2022-28011 HIGH
Attendance and Payroll System 1.0 - SQL Injection via schedule_delete.php
CVSS 8.8
CVE-2022-28010 HIGH
Attendance and Payroll System 1.0 - SQL Injection via Overtime Delete Component
CVSS 8.8
CVE-2022-28009 HIGH
Attendance and Payroll System 1.0 - SQL Injection via Attendance Delete Component
CVSS 8.8
CVE-2022-28008 HIGH
Attendance and Payroll System 1.0 - SQL Injection via attendance_delete.php
CVSS 8.8
CVE-2022-28007 HIGH
Attendance and Payroll System 1.0 - SQL Injection via Cash Advance Delete Component
CVSS 8.8
CVE-2022-28006 HIGH
Attendance and Payroll System 1.0 - SQL Injection via Employee Delete Component
CVSS 8.8
CVE-2022-20786 MEDIUM
Cisco Unified Communications Manager IM And Presence Service < 11.5\(1\)su11 - SQL Injection
CVSS 5.4
CVE-2022-29498 HIGH
Blazer < 2.6.0 - SQL Injection
CVSS 7.5
Details
Vulnerabilities 19,816
Exploit Likelihood High