CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,849 vulnerabilities with CWE-89
CVE-2019-25500 HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25499 HIGH
simplejobscript < 1.66 - Unauthenticated SQL Injection via job_id Parameter
CVSS 8.2
CVE-2019-25498 HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25497 HIGH
osCommerce < 2.3.4.1 - Unauthenticated SQL Injection via Currency Parameter
CVSS 8.2
CVE-2019-25496 HIGH
osCommerce 2.3.4.1 - Unauthenticated SQL Injection via products_id Parameter
CVSS 8.2
CVE-2019-25495 HIGH
osCommerce 2.3.4.1 - Unauthenticated SQL Injection via reviews_id Parameter
CVSS 8.2
CVE-2019-25494 HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - SQL Injection & Auth Bypass via Admin Panel
CVSS 8.2
CVE-2019-25493 HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via 'val' Parameter in getrecord.php
CVSS 8.2
CVE-2019-25492 HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via 'pt' Parameter in getcmsdata.php
CVSS 8.2
CVE-2019-25491 HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via catid Parameter
CVSS 8.2
CVE-2019-25490 HIGH
Doditsolutions Homey BNB V4 - Unauthenticated SQL Injection via Admin Edit.php ID Parameter
CVSS 8.2
CVE-2019-25489 HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via hosting_id Parameter
CVSS 8.2
CVE-2019-25462 HIGH
Web Ofisi Rent a Car v3 - SQL Injection
CVSS 8.2
CVE-2019-25461 HIGH
Web Ofisi Platinum E-Ticaret v5 - SQL Injection
CVSS 7.5
CVE-2019-25460 HIGH
Web Ofisi Platinum E-Ticaret v5 - SQL Injection
CVSS 7.5
CVE-2019-25459 CRITICAL
Web-ofisi Emlak V2 - Unauthenticated SQL Injection via GET Parameters
CVSS 9.8
CVE-2019-25458 CRITICAL
Web Ofisi Firma Rehberi v1 - SQL Injection
CVSS 9.8
CVE-2019-25457 HIGH
Web Ofisi Firma v13 - SQL Injection
CVSS 7.5
CVE-2019-25456 CRITICAL
Web-ofisi Emlak v2 - Unauthenticated SQL Injection via 'ara' GET Parameter
CVSS 9.1
CVE-2019-25455 HIGH
Web Ofisi E-Ticaret v3 - SQL Injection
CVSS 7.5
CVE-2019-25452 HIGH
Dolibarr ERP/CRM 10.0.1 - SQL Injection
CVSS 7.5
CVE-2019-25450 HIGH
Dolibarr ERP/CRM 10.0.1 - SQL Injection
CVSS 7.5
CVE-2019-25446 HIGH
DIGIT CENTRIS ERP - Unauthenticated SQL Injection via datum1, datum2, KID, and PID Parameters
CVSS 8.2
CVE-2019-25443 HIGH
inventory-webapp - Unauthenticated SQL Injection via add-item.php Parameters
CVSS 8.2
CVE-2019-25442 HIGH
Web Wiz Forums 12.01 - SQL Injection
CVSS 7.5
Details
Vulnerabilities 19,849
Exploit Likelihood High