CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,849 vulnerabilities with CWE-89
CVE-2019-19649 CRITICAL
Zoho ManageEngine Applications Manager <13620 - SQL Injection
CVSS 9.8
CVE-2019-5112 HIGH
Forma LMS 2.2.1 - SQL Injection
CVSS 8.8
CVE-2019-5111 HIGH
Forma LMS 2.2.1 - SQL Injection
CVSS 8.8
CVE-2019-5110 HIGH
Forma LMS 2.2.1 - SQL Injection
CVSS 8.8
CVE-2019-5109 HIGH
Forma LMS 2.2.1 - SQL Injection
CVSS 8.8
CVE-2019-19016 HIGH
TitanHQ WebTitan <5.18 - SQL Injection
CVSS 7.5
CVE-2019-19245 CRITICAL
NAPC Xinet Elegant 6.1.655 - SQL Injection
CVSS 9.8
CVE-2019-15300 HIGH
Centreon Web 2.8.1-2.8.29 - Authenticated SQL Injection via arId Parameter
CVSS 8.8
CVE-2019-4387 HIGH
IBM Sterling B2B Integrator Standard Edition <6.0.2.0 - SQL Injection
CVSS 8.8
CVE-2019-15995 MEDIUM
Cisco DNA Spaces: Connector - SQL Injection
CVSS 6.5
CVE-2019-15972 HIGH
Cisco Unified Communications Manager - SQL Injection
CVSS 8.8
CVE-2019-19250 CRITICAL
OpenTrade <2019-11-23 - SQL Injection
CVSS 9.8
CVE-2019-18622 CRITICAL
phpMyAdmin < 4.9.2 - SQL Injection via Designer Feature
CVSS 9.8
CVE-2019-19207 HIGH
rconfig 3.9.2 - SQL Injection via devices.php searchColumn Parameter
CVSS 8.8
CVE-2019-18890 MEDIUM
Redmine < 3.3.10 - Authenticated SQL Injection via Object Query
CVSS 6.5
CVE-2019-10766 CRITICAL
Pixie 1.0.0-1.0.2 and 2.0.0-2.0.1 - SQL Injection in limit() Function
CVSS 9.8
CVE-2019-10763 MEDIUM
pimcore < 6.3.0 - Authenticated SQL Injection via id, storeId, pageSize, or tables Parameters
CVSS 6.5
CVE-2019-19113 CRITICAL
New Bee <2019-10-23 - SQL Injection
CVSS 9.8
CVE-2019-18646 HIGH
Untangle NG <14.2.0 - Authenticated SQL Injection
CVSS 7.2
CVE-2019-3661 HIGH
McAfee Advanced Threat Defense < 4.8 - Authenticated SQL Injection via Time-Based Payloads
CVSS 8.1
CVE-2019-0393 MEDIUM
SAP Quality Management - SQL Injection
CVSS 4.3
CVE-2019-2211 HIGH
Android 8.0-10 - SQL Injection in TvProvider.java
CVSS 7.5
CVE-2019-2198 MEDIUM
Android 8.0-10 - SQL Injection in Download Provider
CVSS 5.5
CVE-2019-2196 MEDIUM
Android -8.0, -8.1, -9, -10 - SQL Injection
CVSS 5.5
CVE-2019-2195 HIGH
Android - Local Privilege Escalation via SQLite Tokenize Input Validation
CVSS 7.8
Details
Vulnerabilities 19,849
Exploit Likelihood High