CWE-89— SQL Injection
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.— MITRE CWE catalog
18,873 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-89page 159 of 378
- CVE-2022-32300HIGHCVSS 8.8EG 8.82022-06-15
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php.
- CVE-2022-32301CRITICALCVSS 9.8EG 9.82022-06-15
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php.
- CVE-2022-32302HIGHCVSS 8.8EG 8.82022-06-15
Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php.
- CVE-2022-32311CRITICALCVSS 9.8EG 9.82022-07-05
Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.
- CVE-2022-32330HIGHCVSS 7.2EG 7.22022-06-14
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu.
- CVE-2022-32331HIGHCVSS 7.2EG 7.22022-06-14
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/view_category.php?id=.
- CVE-2022-32332HIGHCVSS 7.2EG 7.22022-06-14
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category.
- CVE-2022-32333HIGHCVSS 7.2EG 7.22022-06-14
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/sales/receipt.php?id=.
- CVE-2022-32334HIGHCVSS 7.2EG 7.22022-06-14
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=.
- CVE-2022-32335HIGHCVSS 7.2EG 7.22022-06-14
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=.
- CVE-2022-32336CRITICALCVSS 9.8EG 9.82022-06-14
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=.
- CVE-2022-32337CRITICALCVSS 9.8EG 9.82022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=.
- CVE-2022-32338HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=.
- CVE-2022-32339HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=.
- CVE-2022-32340HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=.
- CVE-2022-32341HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=.
- CVE-2022-32342HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=.
- CVE-2022-32343HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=.
- CVE-2022-32344HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient.
- CVE-2022-32345HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=.
- CVE-2022-32346HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=.
- CVE-2022-32347HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room.
- CVE-2022-32348HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor.
- CVE-2022-32349HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history.
- CVE-2022-32350HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type.
- CVE-2022-32351HIGHCVSS 7.2EG 7.22022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message.
- CVE-2022-32352CRITICALCVSS 9.8EG 9.82022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission.
- CVE-2022-32353HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=.
- CVE-2022-32354HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=.
- CVE-2022-32355HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=.
- CVE-2022-32358HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry.
- CVE-2022-32359HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.
- CVE-2022-32362HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=.
- CVE-2022-32363HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=.
- CVE-2022-32364HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=.
- CVE-2022-32365HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=.
- CVE-2022-32366HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=.
- CVE-2022-32367HIGHCVSS 7.2EG 7.22022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=.
- CVE-2022-32368HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=.
- CVE-2022-32370HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=.
- CVE-2022-32371HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=.
- CVE-2022-32372HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=.
- CVE-2022-32373HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=.
- CVE-2022-32374HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=.
- CVE-2022-32375HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=.
- CVE-2022-32376HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=.
- CVE-2022-32377HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=.
- CVE-2022-32378HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=.
- CVE-2022-32379HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=.
- CVE-2022-32380HIGHCVSS 7.2EG 7.22022-06-15
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=.
Map vulnerabilities like CWE-89 to your infrastructure
EchelonGraph correlates every CVE — across CWE-89 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →