CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,845 vulnerabilities with CWE-89
CVE-2019-25678 HIGH
C4G BLIS 3.4 SQL Injection via users_select.php
CVSS 8.2
CVE-2019-25676 HIGH
Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection
CVSS 8.2
CVE-2019-25675 HIGH
eDirectory All Versions SQL Injection Authentication Bypass
CVSS 8.2
CVE-2019-25674 HIGH
CMSsite 1.0 SQL Injection via post Parameter
CVSS 8.2
CVE-2019-25672 HIGH
PilusCart 1.4.1 SQL Injection via send Parameter
CVSS 8.2
CVE-2019-25669 HIGH
qdPM 9.1 SQL Injection via search_by_extrafields Parameter
CVSS 8.2
CVE-2019-25668 HIGH
News Website Script 2.0.5 SQL Injection via index.php
CVSS 8.2
CVE-2019-25664 HIGH
SuiteCRM 7.10.7 SQL Injection via record Parameter
CVSS 7.1
CVE-2019-25663 HIGH
SuiteCRM 7.10.7 SQL Injection via parentTab Parameter
CVSS 7.1
CVE-2019-25662 HIGH
ResourceSpace 8.6 SQL Injection via watched_searches.php
CVSS 8.2
CVE-2019-25643 HIGH
eNdonesia Portal v8.7 SQL Injection via banners.php
CVSS 8.2
CVE-2019-25642 HIGH
Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules
CVSS 8.2
CVE-2019-25641 HIGH
Netartmedia Vlog System Lastest SQL Injection via email Parameter
CVSS 8.2
CVE-2019-25640 HIGH
Inout Article Base CMS Lastest SQL Injection via portalLogin.php
CVSS 8.2
CVE-2019-25639 HIGH
Matrimony Website Script M-Plus Multiple SQL Injection
CVSS 8.2
CVE-2019-25638 HIGH
Meeplace Business Review Script Lastest SQL Injection via addclick.php
CVSS 7.1
CVE-2019-25636 HIGH
Zeeways Jobsite CMS Lastest SQL Injection via id Parameter
CVSS 8.2
CVE-2019-25635 HIGH
Zeeways Matrimony CMS Lastest SQL Injection via profile_list
CVSS 8.2
CVE-2019-25581 HIGH
i-doit CMDB 1.12 SQL Injection via objGroupID Parameter
CVSS 8.2
CVE-2019-25578 HIGH
phpTransformer 2016.9 SQL Injection via GeneratePDF.php
CVSS 8.2
CVE-2019-25576 HIGH
Kepler Wallpaper Script 1.1 SQL Injection via category
CVSS 8.2
CVE-2019-25575 HIGH
SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
CVSS 8.2
CVE-2019-25573 HIGH
Green CMS 2.x SQL Injection via cat Parameter
CVSS 7.1
CVE-2019-25543 HIGH
Netartmedia Real Estate Portal 5.0 - SQL Injection
CVSS 8.2
CVE-2019-25542 HIGH
Netartmedia Real Estate Portal 5.0 - SQL Injection
CVSS 8.2
Details
Vulnerabilities 19,845
Exploit Likelihood High