CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,816 vulnerabilities with CWE-89
CVE-2022-27104
CRITICAL
Formalms < 1.4.3 - SQL Injection
CVSS 9.8
CVE-2022-27927
CRITICAL
Microfinance Management System 1.0 - SQL Injection via course_code or customer_number Parameter
CVSS 9.8
CVE-2022-0785
CRITICAL
Daily Prayer Time WP <2022.03.01 - SQL Injection
CVSS 9.8
CVE-2022-26631
CRITICAL
Automatic Question Paper Generator v1.0 - SQL Injection
CVSS 9.8
CVE-2022-27908
HIGH
ManageEngine OpManager < 125588 - Authenticated SQL Injection in Inventory Reports Module
CVSS 8.8
CVE-2022-27423
CRITICAL
Chamilo LMS 1.11.0-1.11.15 - SQL Injection via blog_id Parameter
CVSS 9.8
CVE-2022-27369
HIGH
cscms v4.2 - SQL Injection via news_News.php_hy Component
CVSS 7.2
CVE-2022-27368
HIGH
cscms v4.2 - SQL Injection via dance_Lists.php_zhuan Component
CVSS 7.2
CVE-2022-27367
HIGH
cscms v4.2 - SQL Injection via dance_Topic.php_del Component
CVSS 7.2
CVE-2022-27366
HIGH
cscms v4.2 - SQL Injection via dance_Dance.php_hy Component
CVSS 7.2
CVE-2022-27365
HIGH
cscms v4.2 - SQL Injection via dance_Dance.php_del Component
CVSS 7.2
CVE-2022-23865
CRITICAL
Nyron 1.0 - SQL Injection via thes1 Parameter
CVSS 9.8
CVE-2022-26651
CRITICAL
Asterisk <19.x-16.8-cert13 - SQL Injection
CVSS 9.8
CVE-2022-22149
HIGH
Lansweeper <9.1.20.2 - SQL Injection
CVSS 8.8
CVE-2022-21234
HIGH
Lansweeper 9.1.20.2 - Authenticated SQL Injection via EchoAssets.aspx
CVSS 8.8
CVE-2022-21210
HIGH
Lansweeper 9.1.20.2 - Authenticated SQL Injection via AssetActions.aspx
CVSS 8.8
CVE-2022-1258
HIGH
McAfee Agent < 5.7.6 - Authenticated Blind SQL Injection via ePO Extension
CVSS 8.4
CVE-2022-24844
HIGH
gin-vue-admin < 2.5.1 - Authenticated SQL Injection in PostgreSQL Auto Code Service
CVSS 8.1
CVE-2022-27479
CRITICAL
Apache Superset < 1.4.2 - SQL Injection in Chart Data Requests
CVSS 9.8
CVE-2022-1339
HIGH
pimcore < 10.3.5 - SQL Injection in ElementController.php
CVSS 7.5
CVE-2022-27386
HIGH
MariaDB 10.2.0-10.2.43 - Denial of Service via sql/sql_class.cc
CVSS 7.5
CVE-2022-27385
HIGH
MariaDB < 10.3.32 - Denial of Service via Used_tables_and_const_cache_join
CVSS 7.5
CVE-2022-27384
HIGH
MariaDB < 10.2.44 - Denial of Service via Item_subselect::init_expr_cache_tracker
CVSS 7.5
CVE-2022-27381
HIGH
MariaDB < 10.2.44 - Denial of Service via Field::set_default
CVSS 7.5
CVE-2022-27380
HIGH
MariaDB 10.2.0-10.2.43 - Denial of Service via my_decimal::operator=
CVSS 7.5
Details
Vulnerabilities
19,816
Exploit Likelihood
High