CWE-89— SQL Injection
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.— MITRE CWE catalog
18,868 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-89page 149 of 378
- CVE-2022-2688MEDIUMCVSS 6.3EG 9.82022-08-06
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of t…
- CVE-2022-26887CRITICALCVSS 9.8EG 9.82022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and…
- CVE-2022-2693MEDIUMCVSS 6.3EG 8.82022-08-06
A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of …
- CVE-2022-26959CRITICALCVSS 10.0EG 9.82022-09-16
There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Por…
- CVE-2022-2697MEDIUMCVSS 6.3EG 7.52022-08-08
A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file comment_frame.php. The manipulation of the argument post_id leads to sql injection. It is…
- CVE-2022-2698MEDIUMCVSS 6.3EG 9.82022-08-08
A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument searchPost leads to…
- CVE-2022-26986HIGHCVSS 7.2EG 7.22022-04-05
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigur…
- CVE-2022-2699MEDIUMCVSS 6.3EG 6.52022-08-08
A vulnerability was found in SourceCodester Simple E-Learning System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /claire_blake. The manipulation of the argument phoneNumber leads to sql …
- CVE-2022-2700MEDIUMCVSS 4.7EG 8.82022-08-08
A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument day leads to sql injection. It is possible…
- CVE-2022-2703MEDIUMCVSS 6.3EG 8.82022-08-08
A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument exer leads to sql injection. It is poss…
- CVE-2022-27041HIGHCVSS 7.5EG 7.52022-04-11
Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.
- CVE-2022-2705MEDIUMCVSS 6.3EG 9.82022-08-08
A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admin/departments/manage_department.php. The manipulation of the argument …
- CVE-2022-2706MEDIUMCVSS 6.3EG 9.82022-08-08
A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input …
- CVE-2022-2707MEDIUMCVSS 6.3EG 9.82022-08-08
A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argume…
- CVE-2022-2708MEDIUMCVSS 5.5EG 9.82022-08-08
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login with the input [email protected]' OR (SELECT 908…
- CVE-2022-27104CRITICALCVSS 9.8EG 9.82022-04-19
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.
- CVE-2022-27123CRITICALCVSS 9.8EG 9.82022-04-05
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.
- CVE-2022-27124CRITICALCVSS 9.8EG 9.82022-04-05
Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
- CVE-2022-27126CRITICALCVSS 9.8EG 9.82022-04-10
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.
- CVE-2022-27127MEDIUMCVSS 6.5EG 6.52022-04-10
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.
- CVE-2022-2715MEDIUMCVSS 6.3EG 9.82022-08-09
A vulnerability has been found in SourceCodester Employee Management System and classified as critical. This vulnerability affects unknown code of the file eloginwel.php. The manipulation of the argument id leads to sql injection. The atta…
- CVE-2022-27161CRITICALCVSS 9.8EG 9.82022-04-12
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
- CVE-2022-27162CRITICALCVSS 9.8EG 9.82022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
- CVE-2022-27163CRITICALCVSS 9.8EG 9.82022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
- CVE-2022-27164CRITICALCVSS 9.8EG 9.82022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
- CVE-2022-27165CRITICALCVSS 9.8EG 9.82022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
- CVE-2022-2717HIGHCVSS 7.2EG 4.92022-09-06
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insuffici…
- CVE-2022-27175CRITICALCVSS 9.8EG 9.82022-03-29
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and exec…
- CVE-2022-2718HIGHCVSS 7.2EG 4.92022-09-06
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insu…
- CVE-2022-2722MEDIUMCVSS 6.3EG 9.82022-08-09
A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. This issue affects some unknown processing of the file manage_course.php. The manipulation of the argument id leads to sql injection.…
- CVE-2022-2723MEDIUMCVSS 6.3EG 9.82022-08-09
A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql inject…
- CVE-2022-2724MEDIUMCVSS 6.3EG 9.82022-08-09
A vulnerability was found in SourceCodester Employee Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailui…
- CVE-2022-2726MEDIUMCVSS 6.3EG 9.82022-08-09
A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The explo…
- CVE-2022-2727MEDIUMCVSS 6.3EG 9.82022-08-09
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/login.php. The manipulation of the argument admin_emai…
- CVE-2022-2728MEDIUMCVSS 6.3EG 9.82022-08-09
A vulnerability was found in SourceCodester Gym Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /mygym/admin/index.php. The manipulation of the argument edit_tran leads to …
- CVE-2022-27299CRITICALCVSS 9.8EG 9.82022-04-26
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
- CVE-2022-27304CRITICALCVSS 9.8EG 9.82022-04-05
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.
- CVE-2022-27341CRITICALCVSS 9.8EG 9.82022-04-22
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
- CVE-2022-27342CRITICALCVSS 9.8EG 9.82022-04-22
Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().
- CVE-2022-27360CRITICALCVSS 9.8EG 9.82022-05-05
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
- CVE-2022-27365HIGHCVSS 7.2EG 7.22022-04-15
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.
- CVE-2022-27366HIGHCVSS 7.2EG 7.22022-04-15
Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.
- CVE-2022-27367HIGHCVSS 7.2EG 7.22022-04-15
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.
- CVE-2022-27368HIGHCVSS 7.2EG 7.22022-04-15
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.
- CVE-2022-27369HIGHCVSS 7.2EG 7.22022-04-15
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.
- CVE-2022-27378HIGHCVSS 7.5EG 7.52022-04-12
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
- CVE-2022-27379HIGHCVSS 7.5EG 7.52022-04-12
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
- CVE-2022-27380HIGHCVSS 7.5EG 7.52022-04-12
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
- CVE-2022-27381HIGHCVSS 7.5EG 7.52022-04-12
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
- CVE-2022-27384HIGHCVSS 7.5EG 7.52022-04-12
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Map vulnerabilities like CWE-89 to your infrastructure
EchelonGraph correlates every CVE — across CWE-89 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →