CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,849 vulnerabilities with CWE-89
CVE-2019-25440
HIGH
WebIncorp ERP - Unauthenticated SQL Injection via prod_id Parameter
CVSS 8.2
CVE-2019-25439
HIGH
NoviSmart CMS - SQL Injection via Referer HTTP Header
CVSS 8.2
CVE-2019-25433
HIGH
XOOPS CMS 2.5.9 - Unauthenticated SQL Injection via gerar_pdf.php cid Parameter
CVSS 8.2
CVE-2019-25391
HIGH
Ashop Shopping Cart - SQL Injection
CVSS 8.2
CVE-2019-25366
HIGH
microASP Portal+ CMS - SQL Injection
CVSS 8.2
CVE-2019-25438
HIGH
LabCollector 5.423 - Unauthenticated SQL Injection via login.php or retrieve_password.php Parameters
CVSS 7.5
CVE-2019-25432
HIGH
Part-DB 0.4 - Unauthenticated Authentication Bypass via SQL Injection
CVSS 7.5
CVE-2019-25431
HIGH
Blue-Smiley-Organizer 1.32 - SQL Injection
CVSS 8.2
CVE-2019-25444
CRITICAL
Fiverr Clone Script 1.2.2 - SQL Injection
CVSS 9.1
CVE-2019-25335
HIGH
7070 Hazr Profesyonel Web Sitesi 1.0 - Authentication Bypass via SQL Injection
CVSS 7.5
CVE-2019-25325
HIGH
Thrive Smart Home 1.1 - SQL Injection
CVSS 8.2
CVE-2019-25320
MEDIUM
E Learning Script 1.0 - Auth Bypass
CVSS 6.5
CVE-2019-25347
HIGH
thesystem App 1.0 - SQL Injection
CVSS 7.5
CVE-2019-25346
HIGH
TheSystem 1.0 - SQL Injection
CVSS 7.5
CVE-2019-25303
HIGH
TheJshen ContentManagementSystem 1.04 - SQL Injection
CVSS 7.1
CVE-2019-25300
HIGH
Globitek CMS 1.4 - SQL Injection via 'id' GET Parameter
CVSS 7.1
CVE-2019-25299
HIGH
RimbaLinux AhadPOS 1.11 - SQL Injection
CVSS 7.1
CVE-2019-25298
CRITICAL
html5_snmp 1.11 - SQL Injection via Router_ID and Router_IP Parameters
CVSS 9.1
CVE-2019-25260
HIGH
OXID eShop 6.x < 6.3.4 - SQL Injection via Sorting Parameter
CVSS 8.2
CVE-2019-25223
MEDIUM
Team Circle Image Slider With Lightbox <1.0.4 - SQL Injection
CVSS 4.9
CVE-2019-25222
MEDIUM
Thumbnail carousel slider plugin <1.0.4 - SQL Injection
CVSS 4.9
CVE-2019-25221
MEDIUM
Responsive Filterable Portfolio <1.0.8 - SQL Injection
CVSS 6.5
CVE-2019-25218
MEDIUM
Photo Gallery Slideshow & Masonry Tiled Gallery <1.0.3 - SQL Injection
CVSS 4.9
CVE-2019-25212
MEDIUM
WordPress Video Carousel Slider <1.0.6 - SQL Injection
CVSS 4.9
CVE-2019-25159
MEDIUM
mpedraza2020 Intranet del Monterroso <4.50.0 - SQL Injection
CVSS 5.5
Details
Vulnerabilities
19,849
Exploit Likelihood
High