CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,817 vulnerabilities with CWE-89
CVE-2022-0658
CRITICAL
CommonsBooking <2.6.8 - SQL Injection
CVSS 9.8
CVE-2022-0478
HIGH
WooCommerce WordPress <3.5.8 - SQL Injection
CVSS 8.8
CVE-2022-0254
CRITICAL
WordPress Zero Spam <5.2.11 - SQL Injection
CVSS 9.8
CVE-2022-0169
CRITICAL
WordPress Photo Gallery Plugin SQL Injection (CVE-2022-0169)
CVSS 9.8
CVE-2022-25506
MEDIUM
FreeTAKServer-UI v1.9.8 - SQL Injection via AuthenticateUser API Endpoint
CVSS 6.5
CVE-2022-25225
HIGH
Network Olympus 1.8.0 - Authenticated SQL Injection via Event Instance API sqlparameter
CVSS 7.2
CVE-2022-24607
CRITICAL
Luocms v2.0 - SQL Injection in News Admin Endpoint
CVSS 9.8
CVE-2022-24606
CRITICAL
Luocms v2.0 - SQL Injection via /admin/news/sort_ok.php
CVSS 9.8
CVE-2022-24605
CRITICAL
Luocms v2.0 - SQL Injection via /admin/link/link_ok.php
CVSS 9.8
CVE-2022-24604
CRITICAL
Luocms v2.0 - SQL Injection in /admin/link/link_mod.php
CVSS 9.8
CVE-2022-24603
CRITICAL
Luocms v2.0 - SQL Injection via /admin/news/sort_mod.php
CVSS 9.8
CVE-2022-24602
CRITICAL
Luocms v2.0 - SQL Injection via News Modification Endpoint
CVSS 9.8
CVE-2022-24601
HIGH
Luocms v2.0 - SQL Injection in admin_mod.php
CVSS 7.5
CVE-2022-24600
CRITICAL
Luocms v2.0 - SQL Injection via /admin/login.php
CVSS 9.8
CVE-2022-0507
MEDIUM
Pandora FMS < 760 - Authenticated SQL Injection
CVSS 5.8
CVE-2022-24281
HIGH
SINEC NMS <V1.0.3, SINEMA Server V14 - Privilege Escalation
CVSS 7.2
CVE-2022-0754
MEDIUM
GitHub salesagility/suitecrm <7.12.5 - SQL Injection
CVSS 6.5
CVE-2022-0439
HIGH
Email Subscribers & Newsletters <5.3.2 - SQL Injection
CVSS 8.8
CVE-2022-0434
CRITICAL
WordPress Plugin <2.4.15 - SQL Injection
CVSS 9.8
CVE-2022-0420
HIGH
RegistrationMagic <5.0.2.2 - SQL Injection
CVSS 7.2
CVE-2022-0410
HIGH
WP Visitor Statistics <5.6 - SQL Injection
CVSS 8.8
CVE-2022-0349
CRITICAL
NotificationX <2.3.9 - SQL Injection
CVSS 9.8
CVE-2022-0267
HIGH
AdRotate WordPress <5.8.22 - SQL Injection
CVSS 7.2
CVE-2022-26201
CRITICAL
Victor CMS 1.0 - SQL Injection
CVSS 9.8
CVE-2022-25125
CRITICAL
MCMS v5.2.4 - SQL Injection via search.do Parameter
CVSS 9.8
Details
Vulnerabilities
19,817
Exploit Likelihood
High