CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,849 vulnerabilities with CWE-89
CVE-2019-25440 HIGH
WebIncorp ERP - Unauthenticated SQL Injection via prod_id Parameter
CVSS 8.2
CVE-2019-25439 HIGH
NoviSmart CMS - SQL Injection via Referer HTTP Header
CVSS 8.2
CVE-2019-25433 HIGH
XOOPS CMS 2.5.9 - Unauthenticated SQL Injection via gerar_pdf.php cid Parameter
CVSS 8.2
CVE-2019-25391 HIGH
Ashop Shopping Cart - SQL Injection
CVSS 8.2
CVE-2019-25366 HIGH
microASP Portal+ CMS - SQL Injection
CVSS 8.2
CVE-2019-25438 HIGH
LabCollector 5.423 - Unauthenticated SQL Injection via login.php or retrieve_password.php Parameters
CVSS 7.5
CVE-2019-25432 HIGH
Part-DB 0.4 - Unauthenticated Authentication Bypass via SQL Injection
CVSS 7.5
CVE-2019-25431 HIGH
Blue-Smiley-Organizer 1.32 - SQL Injection
CVSS 8.2
CVE-2019-25444 CRITICAL
Fiverr Clone Script 1.2.2 - SQL Injection
CVSS 9.1
CVE-2019-25335 HIGH
7070 Hazr Profesyonel Web Sitesi 1.0 - Authentication Bypass via SQL Injection
CVSS 7.5
CVE-2019-25325 HIGH
Thrive Smart Home 1.1 - SQL Injection
CVSS 8.2
CVE-2019-25320 MEDIUM
E Learning Script 1.0 - Auth Bypass
CVSS 6.5
CVE-2019-25347 HIGH
thesystem App 1.0 - SQL Injection
CVSS 7.5
CVE-2019-25346 HIGH
TheSystem 1.0 - SQL Injection
CVSS 7.5
CVE-2019-25303 HIGH
TheJshen ContentManagementSystem 1.04 - SQL Injection
CVSS 7.1
CVE-2019-25300 HIGH
Globitek CMS 1.4 - SQL Injection via 'id' GET Parameter
CVSS 7.1
CVE-2019-25299 HIGH
RimbaLinux AhadPOS 1.11 - SQL Injection
CVSS 7.1
CVE-2019-25298 CRITICAL
html5_snmp 1.11 - SQL Injection via Router_ID and Router_IP Parameters
CVSS 9.1
CVE-2019-25260 HIGH
OXID eShop 6.x < 6.3.4 - SQL Injection via Sorting Parameter
CVSS 8.2
CVE-2019-25223 MEDIUM
Team Circle Image Slider With Lightbox <1.0.4 - SQL Injection
CVSS 4.9
CVE-2019-25222 MEDIUM
Thumbnail carousel slider plugin <1.0.4 - SQL Injection
CVSS 4.9
CVE-2019-25221 MEDIUM
Responsive Filterable Portfolio <1.0.8 - SQL Injection
CVSS 6.5
CVE-2019-25218 MEDIUM
Photo Gallery Slideshow & Masonry Tiled Gallery <1.0.3 - SQL Injection
CVSS 4.9
CVE-2019-25212 MEDIUM
WordPress Video Carousel Slider <1.0.6 - SQL Injection
CVSS 4.9
CVE-2019-25159 MEDIUM
mpedraza2020 Intranet del Monterroso <4.50.0 - SQL Injection
CVSS 5.5
Details
Vulnerabilities 19,849
Exploit Likelihood High