CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,817 vulnerabilities with CWE-89
CVE-2022-24260 CRITICAL
Voipmonitor GUI <v24.96 - Privilege Escalation
CVSS 9.8
CVE-2022-24121 HIGH
Unified Office Total Connect Now - SQL Injection
CVSS 7.5
CVE-2022-23873 HIGH
Victor CMS 1.0 - SQL Injection via user_firstname Parameter
CVSS 8.8
CVE-2022-0366 HIGH
Capsule8 Console <4.9.1 - Privilege Escalation
CVSS 8.8
CVE-2022-24223 CRITICAL
AtomCMS 2.0 - SQL Injection via Admin Login Endpoint
CVSS 9.8
CVE-2022-24222 CRITICAL
eliteCMS v1.0 - SQL Injection via /admin/edit_user.php
CVSS 9.8
CVE-2022-24221 CRITICAL
eliteCMS v1.0 - SQL Injection via /admin/functions/functions.php
CVSS 9.8
CVE-2022-24220 CRITICAL
eliteCMS 1.0 - SQL Injection via /admin/edit_post.php
CVSS 9.8
CVE-2022-24219 CRITICAL
eliteCMS 1.0 - SQL Injection via /admin/edit_page.php
CVSS 9.8
CVE-2022-24266 HIGH
Cuppa CMS v1.0 - SQL Injection
CVSS 7.5
CVE-2022-24265 HIGH
Cuppa CMS v1.0 - SQL Injection
CVSS 7.5
CVE-2022-24264 HIGH
Cuppa CMS v1.0 - SQL Injection
CVSS 7.5
CVE-2022-24263 CRITICAL
Hospital Management System v4.0 - SQL Injection
CVSS 9.8
CVE-2022-24124 HIGH
Casdoor < 1.13.1 - SQL Injection via Query API Parameters
CVSS 7.5
CVE-2022-22294 CRITICAL
zfaka <= 1.4.3 - SQL Injection
CVSS 9.8
CVE-2022-21720 MEDIUM
GLPI < 9.5.7 - Authenticated SQL Injection
CVSS 4.9
CVE-2022-0362 CRITICAL
Packagist showdoc/showdoc <2.10.3 - SQL Injection
CVSS 9.8
CVE-2022-0332 CRITICAL
Moodle 3.11.0-3.11.4 - SQL Injection via H5P Activity Web Service
CVSS 9.8
CVE-2022-23857 MEDIUM
Navidrome < 0.47.5 - Authenticated SQL Injection via Smart Playlist Processing
CVSS 6.5
CVE-2022-23366 CRITICAL
HMS v1.0 - SQL Injection via patientlogin.php
CVSS 9.8
CVE-2022-23365 CRITICAL
HMS v1.0 - SQL Injection via doctorlogin.php
CVSS 9.8
CVE-2022-23364 CRITICAL
HMS 1.0 - SQL Injection via adminlogin.php
CVSS 9.8
CVE-2022-23363 CRITICAL
Online Banking System v1.0 - SQL Injection via index.php
CVSS 9.8
CVE-2022-23314 CRITICAL
MCMS v5.2.4 - SQL Injection via /ms/mdiy/model/importJson.do
CVSS 9.8
CVE-2022-23046 HIGH
phpipam 1.4.4 - Authenticated SQL Injection via Subnet Parameter
CVSS 7.2
Details
Vulnerabilities 19,817
Exploit Likelihood High