CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-2198
MEDIUM
Android 8.0-10 - SQL Injection in Download Provider
CVSS 5.5
CVE-2019-2196
MEDIUM
Android -8.0, -8.1, -9, -10 - SQL Injection
CVSS 5.5
CVE-2019-2195
HIGH
Android - Local Privilege Escalation via SQLite Tokenize Input Validation
CVSS 7.8
CVE-2019-12720
HIGH
AUO SunVeillance Monitoring System < 1.1.9e - SQL Injection via mvc_send_mail.aspx MailAdd Parameter
CVSS 7.5
CVE-2019-13079
HIGH
Quest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via TYPE_NAME Parameter
CVSS 8.8
CVE-2019-13078
HIGH
Quest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via sort_column Parameter
CVSS 8.8
CVE-2019-13076
HIGH
Quest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via order Parameters
CVSS 8.8
CVE-2019-12918
CRITICAL
Quest KACE Systems Management Appliance 9.1.317 - SQL Injection via software_library.php order Parameters
CVSS 9.8
CVE-2019-18784
CRITICAL
SuiteCRM <7.10.21, <7.11.9 - SQL Injection
CVSS 9.8
CVE-2019-8143
MEDIUM
Magento 2.2-2.2.10 and 2.3-2.3.3 - Authenticated SQL Injection via Email Templates
CVSS 6.5
CVE-2019-8134
HIGH
Magento 2.2-2.2.9 and 2.3-2.3.2 - Authenticated SQL Injection via Email Template Variables
CVSS 8.8
CVE-2019-8130
HIGH
Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated SQL Injection via Email Template Database Connection
CVSS 8.8
CVE-2019-8127
HIGH
Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated SQL Injection via Newsletter Template Editing
CVSS 8.8
CVE-2019-18663
CRITICAL
ARP-GUARD 4.0.0-5 - Unauthenticated SQL Injection via user_id Parameter
CVSS 9.8
CVE-2019-18662
CRITICAL
YouPHPTube < 7.7 - SQL Injection via Live Chat Plugin Live Stream Code Parameter
CVSS 9.8
CVE-2019-6658
MEDIUM
BIG-IP AFM 12.1.0-12.1.5 - Authenticated SQL Injection
CVSS 4.3
CVE-2019-18229
MEDIUM
Advantech WISE-PaaS/RMM <= 3.3.29 - SQL Injection
CVSS 6.5
CVE-2019-5151
CRITICAL
YouPHPTube 7.7 - Unauthenticated SQL Injection
CVSS 10.0
CVE-2019-5150
HIGH
YouPHPTube 7.7 - Unauthenticated SQL Injection via VideoTags Plugin
CVSS 8.9
CVE-2019-18464
CRITICAL
MOVEit Transfer <10.2.6-11.1.3 - SQL Injection
CVSS 9.8
CVE-2019-10762
CRITICAL
medoo < 1.7.5 - SQL Injection via columnQuote
CVSS 9.8
CVE-2019-10749
CRITICAL
sequelize < 3.35.1 - SQL Injection via Postgres JSON Path Keys
CVSS 9.8
CVE-2019-10748
CRITICAL
Sequelize < 3.35.1, 4.44.3, 5.8.11 - SQL Injection via MySQL/MariaDB JSON Path Keys
CVSS 9.8
CVE-2019-10208
HIGH
PostgreSQL <9.4.24-11.5 - SQL Injection
CVSS 8.8
CVE-2019-5123
HIGH
YouPHPTube 7.6 - SQL Injection via PluginSwitch Parameter
CVSS 8.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High