CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,849 vulnerabilities with CWE-89
CVE-2019-20059 HIGH
YetiShare 3.5.2-4.5.4 - SQL Injection via sSortDir_0 Parameter
CVSS 8.8
CVE-2019-20447 CRITICAL
Jobberbase 2.0 - SQL Injection via PATH_INFO to Jobs-In Endpoint
CVSS 9.8
CVE-2019-15622 LOW
Nextcloud Android App < 3.6.1 - SQL Injection via Custom Queries
CVSS 2.4
CVE-2019-12619 MEDIUM
Cisco SD-WAN Solution vManage < 17.2.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2019-17357 MEDIUM
Cacti < 1.2.7 - SQL Injection via graphs.php template_id Parameter
CVSS 6.5
CVE-2019-20179 HIGH
soplanning < 1.45 - SQL Injection via user_list.php by Parameter
CVSS 8.8
CVE-2019-4651 CRITICAL
IBM Jazz Reporting Service (JRS) 6.0.6.1 - SQL Injection
CVSS 9.8
CVE-2019-20361 CRITICAL
Email Subscribers & Newsletters < 4.3.1 - SQL Injection via Hash Parameter
CVSS 9.8
CVE-2019-15985 HIGH
Cisco Data Center Network Manager < 11.3(1) - Authenticated SQL Injection via REST and SOAP API
CVSS 7.2
CVE-2019-15984 HIGH
Cisco Data Center Network Manager < 11.3(1) - Authenticated SQL Injection via REST and SOAP API
CVSS 7.2
CVE-2019-20337 HIGH
advanced_real_estate_script 4.0.9 - SQL Injection via news_edit.php news_id Parameter
CVSS 7.2
CVE-2019-7478 CRITICAL
SonicWall Global Management System 8.4-9.1 - Unauthenticated SQL Injection in Webservice Module
CVSS 9.8
CVE-2019-19734 HIGH
YetiShare < 3.5.2 - SQL Injection via fileIds Parameter
CVSS 8.8
CVE-2019-19732 HIGH
YetiShare 3.5.2-4.5.3 - SQL Injection
CVSS 7.2
CVE-2019-6012 HIGH
wpDataTables Lite < 2.0.11 - Authenticated SQL Injection
CVSS 7.2
CVE-2019-18234 CRITICAL
Equinox Control Expert - SQL Injection
CVSS 9.8
CVE-2019-17527 CRITICAL
JS JOBS FREE < 1.2.7 - SQL Injection via Custom Fields Child Parameter
CVSS 9.8
CVE-2019-7484 MEDIUM
SonicWall SMA100 <9.0.0.3 - SQL Injection
CVSS 6.5
CVE-2019-8600 CRITICAL
iCloud < 7.12 - Remote Code Execution via Malicious SQL Query
CVSS 9.8
CVE-2019-19846 CRITICAL
Joomla! < 3.9.14 - SQL Injection via Configuration Parameters
CVSS 9.8
CVE-2019-7481 HIGH KEV
SonicWall SMA100 <9.0.0.3 - Info Disclosure
CVSS 7.5
CVE-2019-19850 HIGH
TYPO3 < 8.7.30 - Authenticated SQL Injection in QueryGenerator
CVSS 7.2
CVE-2019-15933 CRITICAL
Intesync Solismed 3.3sp - SQL Injection
CVSS 9.8
CVE-2019-19740 CRITICAL
Octeth Oempro 4.7-4.8 - SQL Injection via CampaignID Parameter
CVSS 9.8
CVE-2019-19650 HIGH
Zoho ManageEngine Applications Manager <13640 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,849
Exploit Likelihood High