CWE-89— SQL Injection
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.— MITRE CWE catalog
18,868 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-89page 154 of 378
- CVE-2022-29984CRITICALCVSS 9.8EG 9.82022-05-12
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=.
- CVE-2022-29985CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category.
- CVE-2022-29986CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility.
- CVE-2022-29987CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=.
- CVE-2022-29988CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.
- CVE-2022-29989CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking.
- CVE-2022-29990CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=.
- CVE-2022-29992CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=.
- CVE-2022-29993CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=.
- CVE-2022-29994CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=.
- CVE-2022-29995CRITICALCVSS 9.8EG 9.82022-05-12
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=.
- CVE-2022-29998CRITICALCVSS 9.8EG 9.82022-05-12
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=.
- CVE-2022-29999CRITICALCVSS 9.8EG 9.82022-05-12
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=.
- CVE-2022-30000CRITICALCVSS 9.8EG 9.82022-05-12
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=.
- CVE-2022-30001CRITICALCVSS 9.8EG 9.82022-05-12
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=.
- CVE-2022-30002HIGHCVSS 7.2EG 7.22022-05-12
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editNominee.php?nominee_id=.
- CVE-2022-30004CRITICALCVSS 9.8EG 9.82022-09-26
Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection..
- CVE-2022-30011CRITICALCVSS 9.8EG 9.82022-05-16
In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.
- CVE-2022-30012HIGHCVSS 7.5EG 7.52022-05-16
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.
- CVE-2022-30025MEDIUMCVSS 6.5EG 6.52023-05-24
SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via "v" parameter.
- CVE-2022-30047CRITICALCVSS 9.8EG 9.82022-05-11
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
- CVE-2022-30048CRITICALCVSS 9.8EG 9.82022-05-11
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
- CVE-2022-30052CRITICALCVSS 9.8EG 9.82022-05-17
In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.
- CVE-2022-30053CRITICALCVSS 9.8EG 9.82022-05-17
In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks.
- CVE-2022-30054CRITICALCVSS 9.8EG 9.82022-05-17
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.
- CVE-2022-30113CRITICALCVSS 9.8EG 9.82022-07-14
Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection.
- CVE-2022-3012MEDIUMCVSS 6.3EG 8.82022-08-27
A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to …
- CVE-2022-3013MEDIUMCVSS 6.3EG 9.82022-08-27
A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possib…
- CVE-2022-30335CRITICALCVSS 9.8EG 9.82022-05-09
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft…
- CVE-2022-30352CRITICALCVSS 9.8EG 9.82022-06-02
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.
- CVE-2022-30370CRITICALCVSS 9.8EG 9.82022-05-13
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.
- CVE-2022-30371HIGHCVSS 7.2EG 7.22022-05-13
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=.
- CVE-2022-30372HIGHCVSS 7.2EG 7.22022-05-13
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo.
- CVE-2022-30373HIGHCVSS 7.2EG 7.22022-05-13
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=.
- CVE-2022-30374HIGHCVSS 7.2EG 7.22022-05-13
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=.
- CVE-2022-30376HIGHCVSS 7.2EG 7.22022-05-13
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=.
- CVE-2022-30378HIGHCVSS 7.2EG 7.22022-05-13
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=.
- CVE-2022-30379HIGHCVSS 7.2EG 7.22022-05-13
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=.
- CVE-2022-30384CRITICALCVSS 9.8EG 9.82022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory.
- CVE-2022-30385CRITICALCVSS 9.8EG 9.82022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order.
- CVE-2022-30386CRITICALCVSS 9.8EG 9.82022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured.
- CVE-2022-30387CRITICALCVSS 9.8EG 9.82022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.
- CVE-2022-30391CRITICALCVSS 9.8EG 9.82022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category.
- CVE-2022-30392CRITICALCVSS 9.8EG 9.82022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category.
- CVE-2022-30393HIGHCVSS 7.2EG 7.22022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=.
- CVE-2022-30395CRITICALCVSS 9.8EG 9.82022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart.
- CVE-2022-30396HIGHCVSS 7.2EG 7.22022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=.
- CVE-2022-30398HIGHCVSS 7.2EG 7.22022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=.
- CVE-2022-30399HIGHCVSS 7.2EG 7.22022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=.
- CVE-2022-30400HIGHCVSS 7.2EG 7.22022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=.
Map vulnerabilities like CWE-89 to your infrastructure
EchelonGraph correlates every CVE — across CWE-89 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →