CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,849 vulnerabilities with CWE-89
CVE-2019-25100
MEDIUM
happyman twmap <2.9_v4.31 - SQL Injection
CVSS 5.5
CVE-2019-12359
HIGH
zzcms 2019 - Authenticated SQL Injection via id Parameter
CVSS 7.2
CVE-2019-12358
HIGH
zzcms 2019 - SQL Injection via dlid Cookie in /dl/dl_sendsms.php
CVSS 8.8
CVE-2019-12357
HIGH
zzcms 2019 - Authenticated SQL Injection via /admin/deluser.php id Parameter
CVSS 7.2
CVE-2019-12356
HIGH
zzcms 2019 - SQL Injection via /user/dls_download.php id Parameter
CVSS 8.8
CVE-2019-12355
HIGH
zzcms 2019 - SQL Injection via id Parameter in dls_print.php
CVSS 8.8
CVE-2019-12354
HIGH
zzcms 2019 - Authenticated SQL Injection via id Parameter
CVSS 7.2
CVE-2019-12353
HIGH
zzcms 2019 - Authenticated SQL Injection via /admin/dl_sendmail.php id Parameter
CVSS 7.2
CVE-2019-12352
HIGH
zzcms 2019 - SQL Injection via dlid Cookie in dl_sendmail.php
CVSS 8.8
CVE-2019-4575
CRITICAL
IBM Financial Transaction Manager for Digital Payments <3.2.9 - SQL...
CVSS 9.8
CVE-2019-12351
CRITICAL
zzcms 2019 - SQL Injection via dl/dl_print.php id Parameter
CVSS 9.8
CVE-2019-12350
CRITICAL
zzcms 2019 - SQL Injection via dl/dl_download.php id Parameter
CVSS 9.8
CVE-2019-12349
CRITICAL
zzcms 2019 - SQL Injection via /admin/dl_sendsms.php id Parameter
CVSS 9.8
CVE-2019-12348
CRITICAL
zzcms 2019 - SQL Injection via daohang or img POST Parameter
CVSS 9.8
CVE-2019-25019
CRITICAL
LimeSurvey <4.0.0-RC4 - SQL Injection
CVSS 9.8
CVE-2019-7726
CRITICAL
NukeViet < 4.3.04 - SQL Injection via HTTP Header Data
CVSS 9.8
CVE-2019-19286
HIGH
Siemens XHQ < 6.1.0.0 - SQL Injection via Web Interface
CVSS 7.2
CVE-2019-19876
CRITICAL
B&R Industrial Automation APROL < R4.2 - SQL Injection via EnMon PHP Script
CVSS 9.8
CVE-2019-4680
HIGH
IBM Sterling B2B Integrator Standard Edition <6.0.2.2 - SQL Injection
CVSS 8.8
CVE-2019-4671
MEDIUM
IBM Maximo Asset Management <7.6.1 - SQL Injection
CVSS 6.3
CVE-2019-19499
MEDIUM
Grafana <= 6.4.3 - Authenticated Arbitrary File Read via Data Source Configuration
CVSS 6.5
CVE-2019-20896
CRITICAL
WebChess 1.0 - SQL Injection via messageFrom, gameID, opponent, messageID, or to Parameter
CVSS 9.8
CVE-2019-14900
MEDIUM
Redhat Openstack < 5.3.18 - SQL Injection
CVSS 6.5
CVE-2019-4650
MEDIUM
IBM Maximo Asset Management 7.6.1.1 - SQL Injection
CVSS 6.3
CVE-2019-20842
HIGH
Mattermost Server < 5.9.7 - Authenticated SQL Injection via SearchAllChannels
CVSS 7.2
Details
Vulnerabilities
19,849
Exploit Likelihood
High