CWE-89— SQL Injection
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.— MITRE CWE catalog
18,871 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-89page 156 of 378
- CVE-2022-30825HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php.
- CVE-2022-30826HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php.
- CVE-2022-30827HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php.
- CVE-2022-30828HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php.
- CVE-2022-30829HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php.
- CVE-2022-30830HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php.
- CVE-2022-30831HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php.
- CVE-2022-30832HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=.
- CVE-2022-30833HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=.
- CVE-2022-30834HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id=
- CVE-2022-30835HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection. via /Wedding-Management/admin/budget.php?booking_id=.
- CVE-2022-30836HIGHCVSS 7.2EG 7.22022-06-02
Wedding Management System v1.0 is vulnerable to SQL Injection. via Wedding-Management/admin/select.php.
- CVE-2022-30838CRITICALCVSS 9.8EG 9.82022-05-24
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status
- CVE-2022-30843HIGHCVSS 8.8EG 8.82022-05-24
Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id.
- CVE-2022-30886CRITICALCVSS 9.8EG 9.82022-05-20
School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php.
- CVE-2022-30927CRITICALCVSS 9.8EG 9.82022-06-06
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.
- CVE-2022-30998CRITICALCVSS 9.1EG 8.82022-07-22
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.
- CVE-2022-31056CRITICALCVSS 9.8EG 9.82022-06-28
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the acto…
- CVE-2022-31058HIGHCVSS 7.2EG 7.22022-06-29
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the t…
- CVE-2022-31061CRITICALCVSS 9.8EG 9.82022-06-28
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No us…
- CVE-2022-31082MEDIUMCVSS 5.8EG 5.82022-06-27
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a …
- CVE-2022-31092HIGHCVSS 7.5EG 7.52022-06-27
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which shoul…
- CVE-2022-31101HIGHCVSS 8.1EG 8.12022-06-27
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to…
- CVE-2022-3118HIGHCVSS 7.3EG 9.82022-09-04
A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. Th…
- CVE-2022-31181CRITICALCVSS 9.8EG 9.82022-08-01
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed…
- CVE-2022-31197HIGHCVSS 7.1EG 7.12022-08-03
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing …
- CVE-2022-3120HIGHCVSS 7.3EG 9.82022-09-05
A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument…
- CVE-2022-3122MEDIUMCVSS 6.3EG 9.82022-09-05
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medic…
- CVE-2022-31296CRITICALCVSS 9.8EG 9.82022-06-17
Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php.
- CVE-2022-3130HIGHCVSS 7.3EG 9.82022-09-07
A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate …
- CVE-2022-3131HIGHCVSS 7.2EG 7.22022-10-17
The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
- CVE-2022-31325HIGHCVSS 7.2EG 7.22022-06-08
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
- CVE-2022-31327CRITICALCVSS 9.8EG 9.82022-06-02
Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.
- CVE-2022-31328CRITICALCVSS 9.8EG 9.82022-06-02
Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=.
- CVE-2022-31329CRITICALCVSS 9.8EG 9.82022-06-02
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.
- CVE-2022-31335CRITICALCVSS 9.8EG 9.82022-06-02
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.
- CVE-2022-31336CRITICALCVSS 9.8EG 9.82022-06-02
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.
- CVE-2022-31337CRITICALCVSS 9.8EG 9.82022-06-02
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.
- CVE-2022-31338CRITICALCVSS 9.8EG 9.82022-06-02
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.
- CVE-2022-31339HIGHCVSS 7.2EG 7.22022-06-02
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php.
- CVE-2022-31340CRITICALCVSS 9.8EG 9.82022-06-02
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.
- CVE-2022-31343CRITICALCVSS 9.8EG 9.82022-06-02
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.
- CVE-2022-31344CRITICALCVSS 9.8EG 9.82022-06-02
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking.
- CVE-2022-31345CRITICALCVSS 9.8EG 9.82022-06-02
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.
- CVE-2022-31346CRITICALCVSS 9.8EG 9.82022-06-02
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.
- CVE-2022-31347CRITICALCVSS 9.8EG 9.82022-06-02
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.
- CVE-2022-31348CRITICALCVSS 9.8EG 9.82022-06-02
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.
- CVE-2022-31350CRITICALCVSS 9.8EG 9.82022-06-02
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.
- CVE-2022-31351CRITICALCVSS 9.8EG 9.82022-06-02
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.
- CVE-2022-31352CRITICALCVSS 9.8EG 9.82022-06-02
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.
Map vulnerabilities like CWE-89 to your infrastructure
EchelonGraph correlates every CVE — across CWE-89 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →