CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,817 vulnerabilities with CWE-89
CVE-2022-25406 CRITICAL
Tongda2000 v11.10 - SQL Injection via DELETE_STR Parameter
CVSS 9.8
CVE-2022-25405 CRITICAL
Tongda2000 v11.10 - SQL Injection via DELETE_STR Parameter
CVSS 9.8
CVE-2022-25404 CRITICAL
Tongda2000 v11.10 - SQL Injection via DELETE_STR Parameter
CVSS 9.8
CVE-2022-25403 CRITICAL
hospital_management_system v1.0 - SQL Injection via admin.php
CVSS 9.8
CVE-2022-24407 HIGH
Cyrus SASL 2.1.17-2.1.27 - SQL Injection via Unescaped Password in SQL Plugin
CVSS 8.8
CVE-2022-23986 HIGH
phpuploader < 1.2 - Unauthenticated SQL Injection
CVSS 7.5
CVE-2022-0255 HIGH
WordPress Plugin <2.5.1 - SQL Injection
CVSS 7.2
CVE-2022-0228 HIGH
Popup Builder <4.0.7 - SQL Injection
CVSS 7.2
CVE-2022-21176 HIGH
Airspan Mimosa Management Platform < 1.0.3 and C6x/C5x/C5c Firmware < 2.8.6.1 and A5x Firmware < 2.5.4.1 - SQL Injection
CVSS 8.6
CVE-2022-25322 CRITICAL
ZEROF Web Server 2.0 - SQL Injection via HandleEvent Endpoint
CVSS 9.8
CVE-2022-22881 CRITICAL
Jeecg-boot < 3.0 - SQL Injection via /sys/user/queryUserComponentData Code Parameter
CVSS 9.8
CVE-2022-22880 CRITICAL
Jeecg-boot < 3.0 - SQL Injection via /jeecg-boot/sys/user/queryUserByDepId Code Parameter
CVSS 9.8
CVE-2022-0513 CRITICAL
WP Statistics <13.1.4 - SQL Injection
CVSS 9.8
CVE-2022-23358 CRITICAL
EasyCMS v1.6 - SQL Injection via ArticlemAction.class.php
CVSS 9.8
CVE-2022-24226 HIGH
Hospital Management System v4.0 - SQL Injection
CVSS 7.5
CVE-2022-24206 CRITICAL
Tongda Office Anywhere v11.10 - SQL Injection via DEVICE_LIST Parameter
CVSS 9.8
CVE-2022-23902 CRITICAL
Tongda Office Anywhere v11.10 - SQL Injection via export_data.php d_name Parameter
CVSS 9.8
CVE-2022-23337 CRITICAL
DedeCMS v5.7.87 - SQL Injection via article_coonepage_rule.php ids Parameter
CVSS 9.8
CVE-2022-23336 CRITICAL
S-CMS v5.0 - SQL Injection via member_pay.php O_id Parameter
CVSS 9.8
CVE-2022-23335 CRITICAL
Metinfo 7.5.0 - SQL Injection via doModifyParameter
CVSS 9.8
CVE-2022-22295 CRITICAL
Metinfo v7.5.0 - SQL Injection via table_para Parameter
CVSS 9.8
CVE-2022-0190 HIGH
WordPress AICP <1.2.6 - SQL Injection
CVSS 8.8
CVE-2022-24646 HIGH
Hospital Management System v4.0 - SQL Injection
CVSS 7.5
CVE-2022-22540 HIGH
SAP NetWeaver AS ABAP (Workplace Server) - SQL Injection
CVSS 7.5
CVE-2022-23379 CRITICAL
emlog 6.0 - SQL Injection via $TagID Parameter in getblogidsfromtagid()
CVSS 9.8
Details
Vulnerabilities 19,817
Exploit Likelihood High