CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,845 vulnerabilities with CWE-89
CVE-2019-25748 HIGH
Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels
CVSS 8.2
CVE-2019-25746 HIGH
WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter
CVSS 7.1
CVE-2019-25745 HIGH
WordPress Plugin Google Review Slider 6.1 SQL Injection via tid
CVSS 8.2
CVE-2019-25732 HIGH
PHP EI-Tube Script 3 SQL Injection via search parameter
CVSS 8.2
CVE-2019-25730 HIGH
Listing Hub CMS 1.0 SQL Injection via pages.php id
CVSS 8.2
CVE-2019-25728 HIGH
Care2x 2.7 Hospital Information System SQL Injection via ck_config
CVSS 8.2
CVE-2019-25726 HIGH
All in One Video Downloader 1.2 SQL Injection via admin page-edit
CVSS 8.2
CVE-2019-25713 HIGH
MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter
CVSS 7.1
CVE-2019-25710 HIGH
Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter
CVSS 8.2
CVE-2019-25707 HIGH
eBrigade ERP 4.5 SQL Injection via pdf.php
CVSS 7.1
CVE-2019-25703 HIGH
ImpressCMS 1.3.11 SQL Injection via bid Parameter
CVSS 7.1
CVE-2019-25699 HIGH
Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter
CVSS 7.1
CVE-2019-25697 HIGH
CMSsite 1.0 SQL Injection via category.php
CVSS 8.2
CVE-2019-25693 HIGH
ResourceSpace 8.6 SQL Injection via collection_edit.php
CVSS 7.1
CVE-2019-25704 HIGH
Kados R10 GreenBee SQL Injection via filter_user_mail
CVSS 8.2
CVE-2019-25702 HIGH
Kados R10 GreenBee SQL Injection via id_project Parameter
CVSS 8.2
CVE-2019-25700 HIGH
Kados R10 GreenBee SQL Injection via sort_direction Parameter
CVSS 8.2
CVE-2019-25698 HIGH
Kados R10 GreenBee SQL Injection via id_to_delete Parameter
CVSS 8.2
CVE-2019-25696 HIGH
Kados R10 GreenBee SQL Injection via language_tag Parameter
CVSS 8.2
CVE-2019-25694 HIGH
Kados R10 GreenBee SQL Injection via user2reset
CVSS 8.2
CVE-2019-25692 HIGH
Kados R10 GreenBee SQL Injection via id_to_modify Parameter
CVSS 8.2
CVE-2019-25690 HIGH
Kados R10 GreenBee SQL Injection via mng_profile_id
CVSS 8.2
CVE-2019-25688 HIGH
Kados R10 GreenBee SQL Injection via menu_lev1 Parameter
CVSS 8.2
CVE-2019-25684 HIGH
OpenDocMan 1.3.4 SQL Injection via where Parameter
CVSS 8.2
CVE-2019-25680 HIGH
Advance Gift Shop Pro Script 2.0.3 SQL Injection via search
CVSS 8.2
Details
Vulnerabilities 19,845
Exploit Likelihood High