CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,849 vulnerabilities with CWE-89
CVE-2019-25500
HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25499
HIGH
simplejobscript < 1.66 - Unauthenticated SQL Injection via job_id Parameter
CVSS 8.2
CVE-2019-25498
HIGH
Simple Job Script - SQL Injection
CVSS 8.2
CVE-2019-25497
HIGH
osCommerce < 2.3.4.1 - Unauthenticated SQL Injection via Currency Parameter
CVSS 8.2
CVE-2019-25496
HIGH
osCommerce 2.3.4.1 - Unauthenticated SQL Injection via products_id Parameter
CVSS 8.2
CVE-2019-25495
HIGH
osCommerce 2.3.4.1 - Unauthenticated SQL Injection via reviews_id Parameter
CVSS 8.2
CVE-2019-25494
HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - SQL Injection & Auth Bypass via Admin Panel
CVSS 8.2
CVE-2019-25493
HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via 'val' Parameter in getrecord.php
CVSS 8.2
CVE-2019-25492
HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via 'pt' Parameter in getcmsdata.php
CVSS 8.2
CVE-2019-25491
HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via catid Parameter
CVSS 8.2
CVE-2019-25490
HIGH
Doditsolutions Homey BNB V4 - Unauthenticated SQL Injection via Admin Edit.php ID Parameter
CVSS 8.2
CVE-2019-25489
HIGH
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via hosting_id Parameter
CVSS 8.2
CVE-2019-25462
HIGH
Web Ofisi Rent a Car v3 - SQL Injection
CVSS 8.2
CVE-2019-25461
HIGH
Web Ofisi Platinum E-Ticaret v5 - SQL Injection
CVSS 7.5
CVE-2019-25460
HIGH
Web Ofisi Platinum E-Ticaret v5 - SQL Injection
CVSS 7.5
CVE-2019-25459
CRITICAL
Web-ofisi Emlak V2 - Unauthenticated SQL Injection via GET Parameters
CVSS 9.8
CVE-2019-25458
CRITICAL
Web Ofisi Firma Rehberi v1 - SQL Injection
CVSS 9.8
CVE-2019-25457
HIGH
Web Ofisi Firma v13 - SQL Injection
CVSS 7.5
CVE-2019-25456
CRITICAL
Web-ofisi Emlak v2 - Unauthenticated SQL Injection via 'ara' GET Parameter
CVSS 9.1
CVE-2019-25455
HIGH
Web Ofisi E-Ticaret v3 - SQL Injection
CVSS 7.5
CVE-2019-25452
HIGH
Dolibarr ERP/CRM 10.0.1 - SQL Injection
CVSS 7.5
CVE-2019-25450
HIGH
Dolibarr ERP/CRM 10.0.1 - SQL Injection
CVSS 7.5
CVE-2019-25446
HIGH
DIGIT CENTRIS ERP - Unauthenticated SQL Injection via datum1, datum2, KID, and PID Parameters
CVSS 8.2
CVE-2019-25443
HIGH
inventory-webapp - Unauthenticated SQL Injection via add-item.php Parameters
CVSS 8.2
CVE-2019-25442
HIGH
Web Wiz Forums 12.01 - SQL Injection
CVSS 7.5
Details
Vulnerabilities
19,849
Exploit Likelihood
High