CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,845 vulnerabilities with CWE-89
CVE-2019-25516 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
CVSS 8.2
CVE-2019-25515 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - Auth Bypass
CVSS 7.5
CVE-2019-25514 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
CVSS 8.2
CVE-2019-25513 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
CVSS 8.2
CVE-2019-25512 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
CVSS 8.2
CVE-2019-25511 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
CVSS 8.2
CVE-2019-25510 HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V2 - Auth Bypass
CVSS 8.2
CVE-2019-25509 HIGH
XooDigital Latest - Unauthenticated SQL Injection via 'p' Parameter
CVSS 8.2
CVE-2019-25508 HIGH
Jettweb Php Hazir Ilan Sitesi Scripti V2 - SQL Injection
CVSS 8.2
CVE-2019-25488 HIGH
Jettweb Hazir Rent A Car Scripti V4 - SQL Injection
CVSS 8.2
CVE-2019-25482 HIGH
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 - SQL Injection
CVSS 8.2
CVE-2019-25481 HIGH
iScripts ReserveLogic - SQL Injection
CVSS 8.2
CVE-2019-25479 HIGH
Inout RealEstate - Unauthenticated SQL Injection via City Parameter
CVSS 8.2
CVE-2019-25473 HIGH
Clinic Pro - Authenticated SQL Injection via Monthly Expense Overview Month Parameter
CVSS 7.1
CVE-2019-25486 HIGH
Varient 1.6.1 - Unauthenticated SQL Injection via user_id Parameter
CVSS 8.2
CVE-2019-25507 HIGH
Ashop Shopping Cart - SQL Injection
CVSS 8.2
CVE-2019-25506 HIGH
FreeSMS < 2.1.2 - Unauthenticated SQL Injection via Password Parameter
CVSS 8.2
CVE-2019-25505 HIGH
Tradebox 5.4 - Authenticated SQL Injection via Symbol Parameter
CVSS 7.1
CVE-2019-25504 HIGH
NCrypted Jobgator - Unauthenticated SQL Injection via Experience Parameter
CVSS 8.2
CVE-2019-25503 HIGH
PHPads 2.0 - Unauthenticated SQL Injection via click.php3 bannerID Parameter
CVSS 7.1
CVE-2019-25501 HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25500 HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25499 HIGH
simplejobscript < 1.66 - Unauthenticated SQL Injection via job_id Parameter
CVSS 8.2
CVE-2019-25498 HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25497 HIGH
osCommerce < 2.3.4.1 - Unauthenticated SQL Injection via Currency Parameter
CVSS 8.2
Details
Vulnerabilities 19,845
Exploit Likelihood High