CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,845 vulnerabilities with CWE-89
CVE-2019-25541 HIGH
Netartmedia PHP Mall 4.1 - SQL Injection
CVSS 8.2
CVE-2019-25540 HIGH
Netartmedia PHP Mall 4.1 - SQL Injection
CVSS 8.2
CVE-2019-25539 HIGH
202CMS v10 beta - Unauthenticated Blind SQL Injection via log_user Parameter
CVSS 8.2
CVE-2019-25538 HIGH
202CMS v10 beta - Unauthenticated SQL Injection via log_user Parameter
CVSS 8.2
CVE-2019-25537 HIGH
Netartmedia Event Portal 2.0 - SQL Injection
CVSS 8.2
CVE-2019-25536 HIGH
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection
CVSS 8.2
CVE-2019-25535 HIGH
Netartmedia PHP Dating Site - SQL Injection
CVSS 8.2
CVE-2019-25534 HIGH
Netartmedia PHP Car Dealer - SQL Injection
CVSS 8.2
CVE-2019-25533 HIGH
Netartmedia PHP Business Directory 4.2 - SQL Injection
CVSS 8.2
CVE-2019-25532 HIGH
Netartmedia Jobs Portal 6.1 - SQL Injection
CVSS 8.2
CVE-2019-25531 HIGH
Netartmedia Deals Portal - SQL Injection
CVSS 8.2
CVE-2019-25530 HIGH
uHotelBooking System - SQL Injection
CVSS 8.2
CVE-2019-25529 HIGH
Placeto CMS Alpha rv.4 - SQL Injection
CVSS 7.1
CVE-2019-25528 HIGH
Inout EasyRooms Ultimate 1.0 - SQL Injection
CVSS 8.2
CVE-2019-25527 HIGH
Inout EasyRooms Ultimate 1.0 - SQL Injection
CVSS 8.2
CVE-2019-25526 HIGH
Inout EasyRooms Ultimate 1.0 - SQL Injection
CVSS 8.2
CVE-2019-25525 HIGH
Inout EasyRooms Ultimate 1.0 - SQL Injection
CVSS 8.2
CVE-2019-25524 HIGH
XooGallery Latest - Unauthenticated SQL Injection via 'p' Parameter
CVSS 8.2
CVE-2019-25523 HIGH
XooGallery Latest - Unauthenticated SQL Injection via cat_id Parameter
CVSS 8.2
CVE-2019-25522 HIGH
XooGallery Latest - Unauthenticated SQL Injection via photo_id Parameter
CVSS 8.2
CVE-2019-25521 HIGH
XooGallery Latest - Unauthenticated SQL Injection via gal_id Parameter
CVSS 8.2
CVE-2019-25520 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - Auth Bypass
CVSS 8.2
CVE-2019-25519 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
CVSS 8.2
CVE-2019-25518 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
CVSS 8.2
CVE-2019-25517 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
CVSS 8.2
Details
Vulnerabilities 19,845
Exploit Likelihood High