CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,849 vulnerabilities with CWE-89
CVE-2019-18866 HIGH
Blaauw Remote Kiln Control <v3.00r4 - SQL Injection
CVSS 7.5
CVE-2019-20730 CRITICAL
NETGEAR Multiple Routers - SQL Injection
CVSS 9.8
CVE-2019-19094 HIGH
HitachiEnergy eSOMS 3.9-6.0.3 - SQL Injection
CVSS 7.6
CVE-2019-7755 HIGH
webERP 4.15 - SQL Injection via MT940 Bank Statement Import
CVSS 8.8
CVE-2019-20613 HIGH
Android N(7.x)-O(8.x) - SQL Injection in Contacts
CVSS 8.1
CVE-2019-20592 HIGH
Samsung Android N(7.x)-P(9.0) - Local SQL Injection in Story Video Editor Content Provider
CVSS 7.8
CVE-2019-20591 HIGH
Samsung Android N(7.x)-P(9.0) - Local SQL Injection in Gear VR Service Content Provider
CVSS 7.8
CVE-2019-20576 CRITICAL
Samsung Android P(9.0) - SQL Injection via MemorySaver Content Provider
CVSS 9.8
CVE-2019-20574 HIGH
Android N(7.x)-P(9.0) - SQL Injection in Wi-Fi History Content Provider
CVSS 7.8
CVE-2019-20573 HIGH
Android N(7.x)-P(9.0) - SQL Injection in RCS Content Provider
CVSS 7.8
CVE-2019-19029 HIGH
Cloud Native Computing Foundation Harbor <1.8.6,1.9.3 - SQL Injection
CVSS 7.2
CVE-2019-19026 MEDIUM
Cloud Native Computing Foundation Harbor <1.8.6,1.9.3 - SQL Injection
CVSS 4.9
CVE-2019-16065 HIGH
Enigma NMS < 65.0.0 - SQL Injection via manage_hosts_short.cgi search_pattern Parameter
CVSS 8.8
CVE-2019-16012 HIGH
Cisco SD-WAN Solution vManage - SQL Injection
CVSS 8.1
CVE-2019-19209 HIGH
Dolibarr ERP/CRM <10.0.3 - SQL Injection
CVSS 7.5
CVE-2019-19292 HIGH
Control Center Server < V1.5.0 - SQL Injection
CVSS 8.8
CVE-2019-17647 CRITICAL
Centreon < 2.8.30 - SQL Injection via hostXML.php Instance Parameter
CVSS 9.8
CVE-2019-20107 HIGH
TestLink <= 1.9.19 - Authenticated SQL Injection via Multiple Parameters
CVSS 8.8
CVE-2019-19608 CRITICAL
Mitel MiCollab AWV <8.1.2.2 - SQL Injection
CVSS 9.8
CVE-2019-19607 CRITICAL
Mitel MiCollab AWV <8.1.2.2 - SQL Injection
CVSS 9.8
CVE-2019-4669 MEDIUM
IBM Business Process Manager <8.5.7.0 - SQL Injection
CVSS 6.3
CVE-2019-4598 MEDIUM
IBM Sterling B2B Integrator Standard Edition <5.2.6.5 - SQL Injection
CVSS 6.3
CVE-2019-4597 MEDIUM
IBM Sterling B2B Integrator Standard Edition <5.2.6.5 - SQL Injection
CVSS 6.3
CVE-2019-19986 HIGH
Selesta Visual Access Manager 4.15.0-4.29.0 - Unauthenticated SQL Injection via persoid Parameter
CVSS 7.5
CVE-2019-4752 HIGH
IBM Emptoris Spend Analysis & Strategic Supply Management Platform ...
CVSS 8.8
Details
Vulnerabilities 19,849
Exploit Likelihood High