CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,817 vulnerabilities with CWE-89
CVE-2022-23899
CRITICAL
MCMS v5.2.5 - SQL Injection via search.do Parameter
CVSS 9.8
CVE-2022-23898
CRITICAL
MCMS v5.2.5 - SQL Injection via categoryId Parameter
CVSS 9.8
CVE-2022-26171
CRITICAL
Bank Management System v1.o - SQL Injection
CVSS 9.8
CVE-2022-26170
CRITICAL
Simple Mobile Comparison Website v1.0 - SQL Injection
CVSS 9.8
CVE-2022-26169
CRITICAL
Air Cargo Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-25399
CRITICAL
Simple Real Estate Portal System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-25398
CRITICAL
Auto Spare Parts Management 1.0 - SQL Injection via User Parameter
CVSS 9.8
CVE-2022-25396
CRITICAL
cosmetics_and_beauty_product_online_store 1.0 - SQL Injection via Search Parameter
CVSS 9.8
CVE-2022-25394
CRITICAL
Medical Store Management System 1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2022-25393
HIGH
Simple Bakery Shop Management 1.0 - SQL Injection via Username Parameter
CVSS 7.5
CVE-2022-23387
HIGH
taocms 3.0.2 - SQL Injection via Comment Update Field
CVSS 7.5
CVE-2022-23380
HIGH
taocms 3.0.2 - SQL Injection via id Parameter
CVSS 8.8
CVE-2022-24571
CRITICAL
Car Driving School Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2022-23911
HIGH
Testimonial WP <1.4.7 - SQL Injection
CVSS 7.2
CVE-2022-0412
CRITICAL
TI WooCommerce Wishlist <1.40.1 - SQL Injection
CVSS 9.8
CVE-2022-0411
HIGH
Asgaros Forum WP <2.0.0 - SQL Injection
CVSS 8.8
CVE-2022-0383
HIGH
WP Review Slider <11.0 - SQL Injection
CVSS 7.2
CVE-2022-25096
CRITICAL
Home Owners Collection Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-25149
CRITICAL
WP Statistics < 13.1.5 - Unauthenticated SQL Injection via IP Parameter
CVSS 9.8
CVE-2022-25148
CRITICAL
WP Statistics <= 13.1.5 - Unauthenticated SQL Injection via current_page_id Parameter
CVSS 9.8
CVE-2022-25004
CRITICAL
Hospital Patient Record Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-25003
CRITICAL
Hospital Patient Record Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2022-0651
CRITICAL
WP Statistics <13.1.5 - SQL Injection
CVSS 9.8
CVE-2022-22794
MEDIUM
Cybonet PineApp Mail Relay - Unauthenticated SQL Injection via CUSTOMER_ID_INNER Parameter
CVSS 6.8
CVE-2022-24707
HIGH
Anuko Time Tracker <1.20.0.5642 - SQL Injection
CVSS 7.4
Details
Vulnerabilities
19,817
Exploit Likelihood
High