CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,817 vulnerabilities with CWE-89
CVE-2022-25406
CRITICAL
Tongda2000 v11.10 - SQL Injection via DELETE_STR Parameter
CVSS 9.8
CVE-2022-25405
CRITICAL
Tongda2000 v11.10 - SQL Injection via DELETE_STR Parameter
CVSS 9.8
CVE-2022-25404
CRITICAL
Tongda2000 v11.10 - SQL Injection via DELETE_STR Parameter
CVSS 9.8
CVE-2022-25403
CRITICAL
hospital_management_system v1.0 - SQL Injection via admin.php
CVSS 9.8
CVE-2022-24407
HIGH
Cyrus SASL 2.1.17-2.1.27 - SQL Injection via Unescaped Password in SQL Plugin
CVSS 8.8
CVE-2022-23986
HIGH
phpuploader < 1.2 - Unauthenticated SQL Injection
CVSS 7.5
CVE-2022-0255
HIGH
WordPress Plugin <2.5.1 - SQL Injection
CVSS 7.2
CVE-2022-0228
HIGH
Popup Builder <4.0.7 - SQL Injection
CVSS 7.2
CVE-2022-21176
HIGH
Airspan Mimosa Management Platform < 1.0.3 and C6x/C5x/C5c Firmware < 2.8.6.1 and A5x Firmware < 2.5.4.1 - SQL Injection
CVSS 8.6
CVE-2022-25322
CRITICAL
ZEROF Web Server 2.0 - SQL Injection via HandleEvent Endpoint
CVSS 9.8
CVE-2022-22881
CRITICAL
Jeecg-boot < 3.0 - SQL Injection via /sys/user/queryUserComponentData Code Parameter
CVSS 9.8
CVE-2022-22880
CRITICAL
Jeecg-boot < 3.0 - SQL Injection via /jeecg-boot/sys/user/queryUserByDepId Code Parameter
CVSS 9.8
CVE-2022-0513
CRITICAL
WP Statistics <13.1.4 - SQL Injection
CVSS 9.8
CVE-2022-23358
CRITICAL
EasyCMS v1.6 - SQL Injection via ArticlemAction.class.php
CVSS 9.8
CVE-2022-24226
HIGH
Hospital Management System v4.0 - SQL Injection
CVSS 7.5
CVE-2022-24206
CRITICAL
Tongda Office Anywhere v11.10 - SQL Injection via DEVICE_LIST Parameter
CVSS 9.8
CVE-2022-23902
CRITICAL
Tongda Office Anywhere v11.10 - SQL Injection via export_data.php d_name Parameter
CVSS 9.8
CVE-2022-23337
CRITICAL
DedeCMS v5.7.87 - SQL Injection via article_coonepage_rule.php ids Parameter
CVSS 9.8
CVE-2022-23336
CRITICAL
S-CMS v5.0 - SQL Injection via member_pay.php O_id Parameter
CVSS 9.8
CVE-2022-23335
CRITICAL
Metinfo 7.5.0 - SQL Injection via doModifyParameter
CVSS 9.8
CVE-2022-22295
CRITICAL
Metinfo v7.5.0 - SQL Injection via table_para Parameter
CVSS 9.8
CVE-2022-0190
HIGH
WordPress AICP <1.2.6 - SQL Injection
CVSS 8.8
CVE-2022-24646
HIGH
Hospital Management System v4.0 - SQL Injection
CVSS 7.5
CVE-2022-22540
HIGH
SAP NetWeaver AS ABAP (Workplace Server) - SQL Injection
CVSS 7.5
CVE-2022-23379
CRITICAL
emlog 6.0 - SQL Injection via $TagID Parameter in getblogidsfromtagid()
CVSS 9.8
Details
Vulnerabilities
19,817
Exploit Likelihood
High