CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,817 vulnerabilities with CWE-89
CVE-2022-0658 CRITICAL
CommonsBooking <2.6.8 - SQL Injection
CVSS 9.8
CVE-2022-0478 HIGH
WooCommerce WordPress <3.5.8 - SQL Injection
CVSS 8.8
CVE-2022-0254 CRITICAL
WordPress Zero Spam <5.2.11 - SQL Injection
CVSS 9.8
CVE-2022-0169 CRITICAL
WordPress Photo Gallery Plugin SQL Injection (CVE-2022-0169)
CVSS 9.8
CVE-2022-25506 MEDIUM
FreeTAKServer-UI v1.9.8 - SQL Injection via AuthenticateUser API Endpoint
CVSS 6.5
CVE-2022-25225 HIGH
Network Olympus 1.8.0 - Authenticated SQL Injection via Event Instance API sqlparameter
CVSS 7.2
CVE-2022-24607 CRITICAL
Luocms v2.0 - SQL Injection in News Admin Endpoint
CVSS 9.8
CVE-2022-24606 CRITICAL
Luocms v2.0 - SQL Injection via /admin/news/sort_ok.php
CVSS 9.8
CVE-2022-24605 CRITICAL
Luocms v2.0 - SQL Injection via /admin/link/link_ok.php
CVSS 9.8
CVE-2022-24604 CRITICAL
Luocms v2.0 - SQL Injection in /admin/link/link_mod.php
CVSS 9.8
CVE-2022-24603 CRITICAL
Luocms v2.0 - SQL Injection via /admin/news/sort_mod.php
CVSS 9.8
CVE-2022-24602 CRITICAL
Luocms v2.0 - SQL Injection via News Modification Endpoint
CVSS 9.8
CVE-2022-24601 HIGH
Luocms v2.0 - SQL Injection in admin_mod.php
CVSS 7.5
CVE-2022-24600 CRITICAL
Luocms v2.0 - SQL Injection via /admin/login.php
CVSS 9.8
CVE-2022-0507 MEDIUM
Pandora FMS < 760 - Authenticated SQL Injection
CVSS 5.8
CVE-2022-24281 HIGH
SINEC NMS <V1.0.3, SINEMA Server V14 - Privilege Escalation
CVSS 7.2
CVE-2022-0754 MEDIUM
GitHub salesagility/suitecrm <7.12.5 - SQL Injection
CVSS 6.5
CVE-2022-0439 HIGH
Email Subscribers & Newsletters <5.3.2 - SQL Injection
CVSS 8.8
CVE-2022-0434 CRITICAL
WordPress Plugin <2.4.15 - SQL Injection
CVSS 9.8
CVE-2022-0420 HIGH
RegistrationMagic <5.0.2.2 - SQL Injection
CVSS 7.2
CVE-2022-0410 HIGH
WP Visitor Statistics <5.6 - SQL Injection
CVSS 8.8
CVE-2022-0349 CRITICAL
NotificationX <2.3.9 - SQL Injection
CVSS 9.8
CVE-2022-0267 HIGH
AdRotate WordPress <5.8.22 - SQL Injection
CVSS 7.2
CVE-2022-26201 CRITICAL
Victor CMS 1.0 - SQL Injection
CVSS 9.8
CVE-2022-25125 CRITICAL
MCMS v5.2.4 - SQL Injection via search.do Parameter
CVSS 9.8
Details
Vulnerabilities 19,817
Exploit Likelihood High