CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,849 vulnerabilities with CWE-89
CVE-2019-19649
CRITICAL
Zoho ManageEngine Applications Manager <13620 - SQL Injection
CVSS 9.8
CVE-2019-5112
HIGH
Forma LMS 2.2.1 - SQL Injection
CVSS 8.8
CVE-2019-5111
HIGH
Forma LMS 2.2.1 - SQL Injection
CVSS 8.8
CVE-2019-5110
HIGH
Forma LMS 2.2.1 - SQL Injection
CVSS 8.8
CVE-2019-5109
HIGH
Forma LMS 2.2.1 - SQL Injection
CVSS 8.8
CVE-2019-19016
HIGH
TitanHQ WebTitan <5.18 - SQL Injection
CVSS 7.5
CVE-2019-19245
CRITICAL
NAPC Xinet Elegant 6.1.655 - SQL Injection
CVSS 9.8
CVE-2019-15300
HIGH
Centreon Web 2.8.1-2.8.29 - Authenticated SQL Injection via arId Parameter
CVSS 8.8
CVE-2019-4387
HIGH
IBM Sterling B2B Integrator Standard Edition <6.0.2.0 - SQL Injection
CVSS 8.8
CVE-2019-15995
MEDIUM
Cisco DNA Spaces: Connector - SQL Injection
CVSS 6.5
CVE-2019-15972
HIGH
Cisco Unified Communications Manager - SQL Injection
CVSS 8.8
CVE-2019-19250
CRITICAL
OpenTrade <2019-11-23 - SQL Injection
CVSS 9.8
CVE-2019-18622
CRITICAL
phpMyAdmin < 4.9.2 - SQL Injection via Designer Feature
CVSS 9.8
CVE-2019-19207
HIGH
rconfig 3.9.2 - SQL Injection via devices.php searchColumn Parameter
CVSS 8.8
CVE-2019-18890
MEDIUM
Redmine < 3.3.10 - Authenticated SQL Injection via Object Query
CVSS 6.5
CVE-2019-10766
CRITICAL
Pixie 1.0.0-1.0.2 and 2.0.0-2.0.1 - SQL Injection in limit() Function
CVSS 9.8
CVE-2019-10763
MEDIUM
pimcore < 6.3.0 - Authenticated SQL Injection via id, storeId, pageSize, or tables Parameters
CVSS 6.5
CVE-2019-19113
CRITICAL
New Bee <2019-10-23 - SQL Injection
CVSS 9.8
CVE-2019-18646
HIGH
Untangle NG <14.2.0 - Authenticated SQL Injection
CVSS 7.2
CVE-2019-3661
HIGH
McAfee Advanced Threat Defense < 4.8 - Authenticated SQL Injection via Time-Based Payloads
CVSS 8.1
CVE-2019-0393
MEDIUM
SAP Quality Management - SQL Injection
CVSS 4.3
CVE-2019-2211
HIGH
Android 8.0-10 - SQL Injection in TvProvider.java
CVSS 7.5
CVE-2019-2198
MEDIUM
Android 8.0-10 - SQL Injection in Download Provider
CVSS 5.5
CVE-2019-2196
MEDIUM
Android -8.0, -8.1, -9, -10 - SQL Injection
CVSS 5.5
CVE-2019-2195
HIGH
Android - Local Privilege Escalation via SQLite Tokenize Input Validation
CVSS 7.8
Details
Vulnerabilities
19,849
Exploit Likelihood
High