CWE-89— SQL Injection
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.— MITRE CWE catalog
18,868 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-89page 155 of 378
- CVE-2022-30401HIGHCVSS 7.2EG 7.22022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=.
- CVE-2022-30402HIGHCVSS 7.2EG 7.22022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=.
- CVE-2022-30403HIGHCVSS 7.2EG 7.22022-05-13
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=.
- CVE-2022-30404HIGHCVSS 7.2EG 7.22022-05-13
College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=.
- CVE-2022-30407CRITICALCVSS 9.8EG 9.82022-05-13
Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=.
- CVE-2022-30411HIGHCVSS 7.2EG 7.22022-05-13
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=.
- CVE-2022-30412HIGHCVSS 7.2EG 7.22022-05-13
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=.
- CVE-2022-30413CRITICALCVSS 9.8EG 9.82022-05-13
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application.
- CVE-2022-30414HIGHCVSS 7.2EG 7.22022-05-13
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=.
- CVE-2022-30415HIGHCVSS 7.2EG 7.22022-05-13
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=.
- CVE-2022-30417HIGHCVSS 7.2EG 7.22022-05-13
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=.
- CVE-2022-30449CRITICALCVSS 9.8EG 9.82022-05-11
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.
- CVE-2022-30451HIGHCVSS 8.8EG 8.82022-05-11
An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1.
- CVE-2022-30452HIGHCVSS 7.2EG 7.22022-05-11
ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php
- CVE-2022-30454CRITICALCVSS 9.8EG 9.82022-05-24
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.
- CVE-2022-30455CRITICALCVSS 9.8EG 9.82022-05-24
Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.
- CVE-2022-30459HIGHCVSS 8.8EG 8.82022-05-24
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id.
- CVE-2022-30461CRITICALCVSS 9.8EG 9.82022-05-24
Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id
- CVE-2022-30463HIGHCVSS 8.8EG 8.82022-05-24
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.
- CVE-2022-30469HIGHCVSS 8.8EG 8.82022-06-06
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman§ion=get&page=grid` leads to SQL injection.
- CVE-2022-30478CRITICALCVSS 9.8EG 9.82022-06-02
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.
- CVE-2022-30481CRITICALCVSS 9.8EG 9.82022-06-02
Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters.
- CVE-2022-30490CRITICALCVSS 9.8EG 9.82022-06-02
Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php.
- CVE-2022-30493CRITICALCVSS 9.8EG 9.82022-05-26
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).
- CVE-2022-30496HIGHCVSS 7.5EG 7.52022-06-02
SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information.
- CVE-2022-30500CRITICALCVSS 9.8EG 9.82022-05-26
Jfinal cms 5.1.0 is vulnerable to SQL Injection.
- CVE-2022-30510CRITICALCVSS 9.8EG 9.82022-06-02
School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.
- CVE-2022-30511CRITICALCVSS 9.8EG 9.82022-06-02
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.
- CVE-2022-30512CRITICALCVSS 9.8EG 9.82022-06-02
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.
- CVE-2022-30516CRITICALCVSS 9.8EG 9.82022-05-26
In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.
- CVE-2022-30518CRITICALCVSS 9.8EG 9.82022-05-20
ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php.
- CVE-2022-30528CRITICALCVSS 9.8EG 9.82022-12-01
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.
- CVE-2022-3059HIGHCVSS 8.6EG 7.52022-10-31
The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulner…
- CVE-2022-30599CRITICALCVSS 9.8EG 9.82022-05-18
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
- CVE-2022-30619MEDIUMCVSS 5.9EG 8.82022-07-06
Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function …
- CVE-2022-30765CRITICALCVSS 9.8EG 9.82022-05-16
Calibre-Web before 0.6.18 allows user table SQL Injection.
- CVE-2022-30794HIGHCVSS 7.2EG 7.22022-06-02
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php.
- CVE-2022-30795HIGHCVSS 7.2EG 7.22022-06-02
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php.
- CVE-2022-30797CRITICALCVSS 9.8EG 9.82022-06-02
Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.
- CVE-2022-30798HIGHCVSS 7.2EG 7.22022-06-02
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php.
- CVE-2022-30799HIGHCVSS 7.2EG 7.22022-06-02
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php.
- CVE-2022-30809CRITICALCVSS 9.8EG 9.82022-06-02
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.
- CVE-2022-30810CRITICALCVSS 9.8EG 9.82022-06-02
elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.
- CVE-2022-30813CRITICALCVSS 9.8EG 9.82022-06-02
elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.
- CVE-2022-30814CRITICALCVSS 9.8EG 9.82022-06-02
elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.
- CVE-2022-30815CRITICALCVSS 9.8EG 9.82022-06-02
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=
- CVE-2022-30816CRITICALCVSS 9.8EG 9.82022-06-02
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.
- CVE-2022-30817CRITICALCVSS 9.8EG 9.82022-06-02
Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.
- CVE-2022-30818HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31.
- CVE-2022-30823HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php.
Map vulnerabilities like CWE-89 to your infrastructure
EchelonGraph correlates every CVE — across CWE-89 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →