CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,845 vulnerabilities with CWE-89
CVE-2019-25541
HIGH
Netartmedia PHP Mall 4.1 - SQL Injection
CVSS 8.2
CVE-2019-25540
HIGH
Netartmedia PHP Mall 4.1 - SQL Injection
CVSS 8.2
CVE-2019-25539
HIGH
202CMS v10 beta - Unauthenticated Blind SQL Injection via log_user Parameter
CVSS 8.2
CVE-2019-25538
HIGH
202CMS v10 beta - Unauthenticated SQL Injection via log_user Parameter
CVSS 8.2
CVE-2019-25537
HIGH
Netartmedia Event Portal 2.0 - SQL Injection
CVSS 8.2
CVE-2019-25536
HIGH
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection
CVSS 8.2
CVE-2019-25535
HIGH
Netartmedia PHP Dating Site - SQL Injection
CVSS 8.2
CVE-2019-25534
HIGH
Netartmedia PHP Car Dealer - SQL Injection
CVSS 8.2
CVE-2019-25533
HIGH
Netartmedia PHP Business Directory 4.2 - SQL Injection
CVSS 8.2
CVE-2019-25532
HIGH
Netartmedia Jobs Portal 6.1 - SQL Injection
CVSS 8.2
CVE-2019-25531
HIGH
Netartmedia Deals Portal - SQL Injection
CVSS 8.2
CVE-2019-25530
HIGH
uHotelBooking System - SQL Injection
CVSS 8.2
CVE-2019-25529
HIGH
Placeto CMS Alpha rv.4 - SQL Injection
CVSS 7.1
CVE-2019-25528
HIGH
Inout EasyRooms Ultimate 1.0 - SQL Injection
CVSS 8.2
CVE-2019-25527
HIGH
Inout EasyRooms Ultimate 1.0 - SQL Injection
CVSS 8.2
CVE-2019-25526
HIGH
Inout EasyRooms Ultimate 1.0 - SQL Injection
CVSS 8.2
CVE-2019-25525
HIGH
Inout EasyRooms Ultimate 1.0 - SQL Injection
CVSS 8.2
CVE-2019-25524
HIGH
XooGallery Latest - Unauthenticated SQL Injection via 'p' Parameter
CVSS 8.2
CVE-2019-25523
HIGH
XooGallery Latest - Unauthenticated SQL Injection via cat_id Parameter
CVSS 8.2
CVE-2019-25522
HIGH
XooGallery Latest - Unauthenticated SQL Injection via photo_id Parameter
CVSS 8.2
CVE-2019-25521
HIGH
XooGallery Latest - Unauthenticated SQL Injection via gal_id Parameter
CVSS 8.2
CVE-2019-25520
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - Auth Bypass
CVSS 8.2
CVE-2019-25519
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
CVSS 8.2
CVE-2019-25518
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
CVSS 8.2
CVE-2019-25517
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
CVSS 8.2
Details
Vulnerabilities
19,845
Exploit Likelihood
High