CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,845 vulnerabilities with CWE-89
CVE-2019-25748
HIGH
Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels
CVSS 8.2
CVE-2019-25746
HIGH
WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter
CVSS 7.1
CVE-2019-25745
HIGH
WordPress Plugin Google Review Slider 6.1 SQL Injection via tid
CVSS 8.2
CVE-2019-25732
HIGH
PHP EI-Tube Script 3 SQL Injection via search parameter
CVSS 8.2
CVE-2019-25730
HIGH
Listing Hub CMS 1.0 SQL Injection via pages.php id
CVSS 8.2
CVE-2019-25728
HIGH
Care2x 2.7 Hospital Information System SQL Injection via ck_config
CVSS 8.2
CVE-2019-25726
HIGH
All in One Video Downloader 1.2 SQL Injection via admin page-edit
CVSS 8.2
CVE-2019-25713
HIGH
MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter
CVSS 7.1
CVE-2019-25710
HIGH
Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter
CVSS 8.2
CVE-2019-25707
HIGH
eBrigade ERP 4.5 SQL Injection via pdf.php
CVSS 7.1
CVE-2019-25703
HIGH
ImpressCMS 1.3.11 SQL Injection via bid Parameter
CVSS 7.1
CVE-2019-25699
HIGH
Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter
CVSS 7.1
CVE-2019-25697
HIGH
CMSsite 1.0 SQL Injection via category.php
CVSS 8.2
CVE-2019-25693
HIGH
ResourceSpace 8.6 SQL Injection via collection_edit.php
CVSS 7.1
CVE-2019-25704
HIGH
Kados R10 GreenBee SQL Injection via filter_user_mail
CVSS 8.2
CVE-2019-25702
HIGH
Kados R10 GreenBee SQL Injection via id_project Parameter
CVSS 8.2
CVE-2019-25700
HIGH
Kados R10 GreenBee SQL Injection via sort_direction Parameter
CVSS 8.2
CVE-2019-25698
HIGH
Kados R10 GreenBee SQL Injection via id_to_delete Parameter
CVSS 8.2
CVE-2019-25696
HIGH
Kados R10 GreenBee SQL Injection via language_tag Parameter
CVSS 8.2
CVE-2019-25694
HIGH
Kados R10 GreenBee SQL Injection via user2reset
CVSS 8.2
CVE-2019-25692
HIGH
Kados R10 GreenBee SQL Injection via id_to_modify Parameter
CVSS 8.2
CVE-2019-25690
HIGH
Kados R10 GreenBee SQL Injection via mng_profile_id
CVSS 8.2
CVE-2019-25688
HIGH
Kados R10 GreenBee SQL Injection via menu_lev1 Parameter
CVSS 8.2
CVE-2019-25684
HIGH
OpenDocMan 1.3.4 SQL Injection via where Parameter
CVSS 8.2
CVE-2019-25680
HIGH
Advance Gift Shop Pro Script 2.0.3 SQL Injection via search
CVSS 8.2
Details
Vulnerabilities
19,845
Exploit Likelihood
High