CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,845 vulnerabilities with CWE-89
CVE-2019-25516
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
CVSS 8.2
CVE-2019-25515
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - Auth Bypass
CVSS 7.5
CVE-2019-25514
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
CVSS 8.2
CVE-2019-25513
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
CVSS 8.2
CVE-2019-25512
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
CVSS 8.2
CVE-2019-25511
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
CVSS 8.2
CVE-2019-25510
HIGH
Jettweb PHP Hazir Haber Sitesi Scripti V2 - Auth Bypass
CVSS 8.2
CVE-2019-25509
HIGH
XooDigital Latest - Unauthenticated SQL Injection via 'p' Parameter
CVSS 8.2
CVE-2019-25508
HIGH
Jettweb Php Hazir Ilan Sitesi Scripti V2 - SQL Injection
CVSS 8.2
CVE-2019-25488
HIGH
Jettweb Hazir Rent A Car Scripti V4 - SQL Injection
CVSS 8.2
CVE-2019-25482
HIGH
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 - SQL Injection
CVSS 8.2
CVE-2019-25481
HIGH
iScripts ReserveLogic - SQL Injection
CVSS 8.2
CVE-2019-25479
HIGH
Inout RealEstate - Unauthenticated SQL Injection via City Parameter
CVSS 8.2
CVE-2019-25473
HIGH
Clinic Pro - Authenticated SQL Injection via Monthly Expense Overview Month Parameter
CVSS 7.1
CVE-2019-25486
HIGH
Varient 1.6.1 - Unauthenticated SQL Injection via user_id Parameter
CVSS 8.2
CVE-2019-25507
HIGH
Ashop Shopping Cart - SQL Injection
CVSS 8.2
CVE-2019-25506
HIGH
FreeSMS < 2.1.2 - Unauthenticated SQL Injection via Password Parameter
CVSS 8.2
CVE-2019-25505
HIGH
Tradebox 5.4 - Authenticated SQL Injection via Symbol Parameter
CVSS 7.1
CVE-2019-25504
HIGH
NCrypted Jobgator - Unauthenticated SQL Injection via Experience Parameter
CVSS 8.2
CVE-2019-25503
HIGH
PHPads 2.0 - Unauthenticated SQL Injection via click.php3 bannerID Parameter
CVSS 7.1
CVE-2019-25501
HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25500
HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25499
HIGH
simplejobscript < 1.66 - Unauthenticated SQL Injection via job_id Parameter
CVSS 8.2
CVE-2019-25498
HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25497
HIGH
osCommerce < 2.3.4.1 - Unauthenticated SQL Injection via Currency Parameter
CVSS 8.2
Details
Vulnerabilities
19,845
Exploit Likelihood
High