CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,816 vulnerabilities with CWE-89
CVE-2022-27104 CRITICAL
Formalms < 1.4.3 - SQL Injection
CVSS 9.8
CVE-2022-27927 CRITICAL
Microfinance Management System 1.0 - SQL Injection via course_code or customer_number Parameter
CVSS 9.8
CVE-2022-0785 CRITICAL
Daily Prayer Time WP <2022.03.01 - SQL Injection
CVSS 9.8
CVE-2022-26631 CRITICAL
Automatic Question Paper Generator v1.0 - SQL Injection
CVSS 9.8
CVE-2022-27908 HIGH
ManageEngine OpManager < 125588 - Authenticated SQL Injection in Inventory Reports Module
CVSS 8.8
CVE-2022-27423 CRITICAL
Chamilo LMS 1.11.0-1.11.15 - SQL Injection via blog_id Parameter
CVSS 9.8
CVE-2022-27369 HIGH
cscms v4.2 - SQL Injection via news_News.php_hy Component
CVSS 7.2
CVE-2022-27368 HIGH
cscms v4.2 - SQL Injection via dance_Lists.php_zhuan Component
CVSS 7.2
CVE-2022-27367 HIGH
cscms v4.2 - SQL Injection via dance_Topic.php_del Component
CVSS 7.2
CVE-2022-27366 HIGH
cscms v4.2 - SQL Injection via dance_Dance.php_hy Component
CVSS 7.2
CVE-2022-27365 HIGH
cscms v4.2 - SQL Injection via dance_Dance.php_del Component
CVSS 7.2
CVE-2022-23865 CRITICAL
Nyron 1.0 - SQL Injection via thes1 Parameter
CVSS 9.8
CVE-2022-26651 CRITICAL
Asterisk <19.x-16.8-cert13 - SQL Injection
CVSS 9.8
CVE-2022-22149 HIGH
Lansweeper <9.1.20.2 - SQL Injection
CVSS 8.8
CVE-2022-21234 HIGH
Lansweeper 9.1.20.2 - Authenticated SQL Injection via EchoAssets.aspx
CVSS 8.8
CVE-2022-21210 HIGH
Lansweeper 9.1.20.2 - Authenticated SQL Injection via AssetActions.aspx
CVSS 8.8
CVE-2022-1258 HIGH
McAfee Agent < 5.7.6 - Authenticated Blind SQL Injection via ePO Extension
CVSS 8.4
CVE-2022-24844 HIGH
gin-vue-admin < 2.5.1 - Authenticated SQL Injection in PostgreSQL Auto Code Service
CVSS 8.1
CVE-2022-27479 CRITICAL
Apache Superset < 1.4.2 - SQL Injection in Chart Data Requests
CVSS 9.8
CVE-2022-1339 HIGH
pimcore < 10.3.5 - SQL Injection in ElementController.php
CVSS 7.5
CVE-2022-27386 HIGH
MariaDB 10.2.0-10.2.43 - Denial of Service via sql/sql_class.cc
CVSS 7.5
CVE-2022-27385 HIGH
MariaDB < 10.3.32 - Denial of Service via Used_tables_and_const_cache_join
CVSS 7.5
CVE-2022-27384 HIGH
MariaDB < 10.2.44 - Denial of Service via Item_subselect::init_expr_cache_tracker
CVSS 7.5
CVE-2022-27381 HIGH
MariaDB < 10.2.44 - Denial of Service via Field::set_default
CVSS 7.5
CVE-2022-27380 HIGH
MariaDB 10.2.0-10.2.43 - Denial of Service via my_decimal::operator=
CVSS 7.5
Details
Vulnerabilities 19,816
Exploit Likelihood High