CWE-89— SQL Injection
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.— MITRE CWE catalog
18,871 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-89page 158 of 378
- CVE-2022-31981HIGHCVSS 7.2EG 7.22022-06-02
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.
- CVE-2022-31982HIGHCVSS 7.2EG 7.22022-06-02
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.
- CVE-2022-31983HIGHCVSS 7.2EG 7.22022-06-02
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.
- CVE-2022-31984HIGHCVSS 7.2EG 7.22022-06-02
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.
- CVE-2022-31985HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=.
- CVE-2022-31986HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=.
- CVE-2022-31988HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=.
- CVE-2022-31989CRITICALCVSS 9.8EG 9.82022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=.
- CVE-2022-31990CRITICALCVSS 9.8EG 9.82022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product.
- CVE-2022-31991CRITICALCVSS 9.8EG 9.82022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court.
- CVE-2022-31992HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=.
- CVE-2022-31993CRITICALCVSS 9.8EG 9.82022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service.
- CVE-2022-31994HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id.
- CVE-2022-31996HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=.
- CVE-2022-31998HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=.
- CVE-2022-32000HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=.
- CVE-2022-32001HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=.
- CVE-2022-32002CRITICALCVSS 9.8EG 9.82022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=.
- CVE-2022-32003HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=.
- CVE-2022-32004HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=.
- CVE-2022-32005HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=.
- CVE-2022-32006HIGHCVSS 7.2EG 7.22022-06-02
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=.
- CVE-2022-32007HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=.
- CVE-2022-32008HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=.
- CVE-2022-32010HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=.
- CVE-2022-32011HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=.
- CVE-2022-32012HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=.
- CVE-2022-32013HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=.
- CVE-2022-32014HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction.
- CVE-2022-32015HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=.
- CVE-2022-32016HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany.
- CVE-2022-32017HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle.
- CVE-2022-32018HIGHCVSS 7.2EG 7.22022-06-02
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.
- CVE-2022-32021HIGHCVSS 7.2EG 7.22022-06-02
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=.
- CVE-2022-32022HIGHCVSS 7.2EG 7.22022-06-02
Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login.
- CVE-2022-32024HIGHCVSS 7.2EG 7.22022-06-02
Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=.
- CVE-2022-32025HIGHCVSS 7.2EG 7.22022-06-02
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=.
- CVE-2022-32026HIGHCVSS 7.2EG 7.22022-06-02
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=.
- CVE-2022-32027HIGHCVSS 7.2EG 7.22022-06-02
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=.
- CVE-2022-32028HIGHCVSS 7.2EG 7.22022-06-02
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.
- CVE-2022-32055HIGHCVSS 7.5EG 7.52022-07-07
Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.
- CVE-2022-32056CRITICALCVSS 9.8EG 9.82022-07-07
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.
- CVE-2022-32093CRITICALCVSS 9.8EG 9.82022-07-01
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
- CVE-2022-32094CRITICALCVSS 9.8EG 9.82022-07-01
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.
- CVE-2022-32095CRITICALCVSS 9.8EG 9.82022-07-01
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
- CVE-2022-32101CRITICALCVSS 9.8EG 9.82022-06-15
kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.
- CVE-2022-32211HIGHCVSS 8.8EG 8.82022-09-23
A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.
- CVE-2022-32246MEDIUMCVSS 4.6EG 4.62022-07-12
SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On s…
- CVE-2022-32297HIGHCVSS 7.5EG 7.52022-07-14
Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.
- CVE-2022-32299HIGHCVSS 8.8EG 8.82022-06-15
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.
Map vulnerabilities like CWE-89 to your infrastructure
EchelonGraph correlates every CVE — across CWE-89 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →