CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,817 vulnerabilities with CWE-89
CVE-2022-0153
HIGH
fork-cms < 5.11.1 - SQL Injection
CVSS 7.5
CVE-2022-25223
MEDIUM
Money Transfer Management System 1.0 - Authenticated SQL Injection via Transaction ID Parameter
CVSS 4.3
CVE-2022-25222
CRITICAL
Money Transfer Management System 1.0 - Unauthenticated SQL Injection via id Parameter
CVSS 9.8
CVE-2022-0842
MEDIUM
McAfee ePolicy Orchestrator < 5.10.0 - Authenticated Blind SQL Injection
CVSS 5.4
CVE-2022-25517
CRITICAL
MyBatis-Plus 3.4.3 - SQL Injection via Column Parameter
CVSS 9.8
CVE-2022-0386
HIGH
Sophos Unified Threat Management < 9.710 - Authenticated SQL Injection in Mail Manager
CVSS 8.8
CVE-2022-26285
CRITICAL
Simple Subscription Website v1.0 - SQL Injection
CVSS 9.8
CVE-2022-26284
CRITICAL
Simple Client Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-26283
CRITICAL
Simple Subscription Website v1.0 - SQL Injection
CVSS 9.8
CVE-2022-0760
CRITICAL
Simple Link Directory <7.7.2 - SQL Injection
CVSS 9.8
CVE-2022-0747
CRITICAL
Infographic Maker WP <4.3.8 - SQL Injection
CVSS 9.8
CVE-2022-0739
CRITICAL
Wordpress BookingPress bookingpress_front_get_category_services SQLi
CVSS 9.8
CVE-2022-0694
CRITICAL
Advanced Booking Calendar <1.7.0 - SQL Injection
CVSS 9.8
CVE-2022-25505
CRITICAL
Taocms 3.0.2 - SQL Injection via Category.php id Parameter
CVSS 9.8
CVE-2022-26266
HIGH
Piwigo 12.2.0 - SQL Injection via pwg.users.php
CVSS 8.8
CVE-2022-25607
MEDIUM
FV Flowplayer Video Player <= 7.5.15.727 - Authenticated SQL Injection
CVSS 6.6
CVE-2022-0757
MEDIUM
Rapid7 Nexpose <6.6.93 - SQL Injection
CVSS 5.5
CVE-2022-26293
CRITICAL
Online Project Time Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-25494
CRITICAL
Online Banking System v1.0 - SQL Injection via staff_login.php
CVSS 9.8
CVE-2022-25492
CRITICAL
hospital_management_system v1.0 - SQL Injection via medicineid Parameter
CVSS 9.8
CVE-2022-25491
HIGH
hospital_management_system v1.0 - SQL Injection via editid Parameter
CVSS 7.5
CVE-2022-25490
CRITICAL
hospital_management_system v1.0 - SQL Injection via editid Parameter in department.php
CVSS 9.8
CVE-2022-25488
CRITICAL
Thedigitalcraft Atomcms - SQL Injection
CVSS 9.8
CVE-2022-24752
CRITICAL
SyliusGridBundle <1.10.1, 1.11-rc2 - SQL Injection
CVSS 9.8
CVE-2022-22735
HIGH
Simple Quotation < 1.3.2 - Authenticated SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,817
Exploit Likelihood
High