CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,817 vulnerabilities with CWE-89
CVE-2022-23899 CRITICAL
MCMS v5.2.5 - SQL Injection via search.do Parameter
CVSS 9.8
CVE-2022-23898 CRITICAL
MCMS v5.2.5 - SQL Injection via categoryId Parameter
CVSS 9.8
CVE-2022-26171 CRITICAL
Bank Management System v1.o - SQL Injection
CVSS 9.8
CVE-2022-26170 CRITICAL
Simple Mobile Comparison Website v1.0 - SQL Injection
CVSS 9.8
CVE-2022-26169 CRITICAL
Air Cargo Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-25399 CRITICAL
Simple Real Estate Portal System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-25398 CRITICAL
Auto Spare Parts Management 1.0 - SQL Injection via User Parameter
CVSS 9.8
CVE-2022-25396 CRITICAL
cosmetics_and_beauty_product_online_store 1.0 - SQL Injection via Search Parameter
CVSS 9.8
CVE-2022-25394 CRITICAL
Medical Store Management System 1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2022-25393 HIGH
Simple Bakery Shop Management 1.0 - SQL Injection via Username Parameter
CVSS 7.5
CVE-2022-23387 HIGH
taocms 3.0.2 - SQL Injection via Comment Update Field
CVSS 7.5
CVE-2022-23380 HIGH
taocms 3.0.2 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-24571 CRITICAL
Car Driving School Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-23911 HIGH
Testimonial WP <1.4.7 - SQL Injection
CVSS 7.2
CVE-2022-0412 CRITICAL
TI WooCommerce Wishlist <1.40.1 - SQL Injection
CVSS 9.8
CVE-2022-0411 HIGH
Asgaros Forum WP <2.0.0 - SQL Injection
CVSS 8.8
CVE-2022-0383 HIGH
WP Review Slider <11.0 - SQL Injection
CVSS 7.2
CVE-2022-25096 CRITICAL
Home Owners Collection Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-25149 CRITICAL
WP Statistics < 13.1.5 - Unauthenticated SQL Injection via IP Parameter
CVSS 9.8
CVE-2022-25148 CRITICAL
WP Statistics <= 13.1.5 - Unauthenticated SQL Injection via current_page_id Parameter
CVSS 9.8
CVE-2022-25004 CRITICAL
Hospital Patient Record Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-25003 CRITICAL
Hospital Patient Record Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-0651 CRITICAL
WP Statistics <13.1.5 - SQL Injection
CVSS 9.8
CVE-2022-22794 MEDIUM
Cybonet PineApp Mail Relay - Unauthenticated SQL Injection via CUSTOMER_ID_INNER Parameter
CVSS 6.8
CVE-2022-24707 HIGH
Anuko Time Tracker <1.20.0.5642 - SQL Injection
CVSS 7.4
Details
Vulnerabilities 19,817
Exploit Likelihood High