CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2019-2198 MEDIUM
Android 8.0-10 - SQL Injection in Download Provider
CVSS 5.5
CVE-2019-2196 MEDIUM
Android -8.0, -8.1, -9, -10 - SQL Injection
CVSS 5.5
CVE-2019-2195 HIGH
Android - Local Privilege Escalation via SQLite Tokenize Input Validation
CVSS 7.8
CVE-2019-12720 HIGH
AUO SunVeillance Monitoring System < 1.1.9e - SQL Injection via mvc_send_mail.aspx MailAdd Parameter
CVSS 7.5
CVE-2019-13079 HIGH
Quest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via TYPE_NAME Parameter
CVSS 8.8
CVE-2019-13078 HIGH
Quest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via sort_column Parameter
CVSS 8.8
CVE-2019-13076 HIGH
Quest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via order Parameters
CVSS 8.8
CVE-2019-12918 CRITICAL
Quest KACE Systems Management Appliance 9.1.317 - SQL Injection via software_library.php order Parameters
CVSS 9.8
CVE-2019-18784 CRITICAL
SuiteCRM <7.10.21, <7.11.9 - SQL Injection
CVSS 9.8
CVE-2019-8143 MEDIUM
Magento 2.2-2.2.10 and 2.3-2.3.3 - Authenticated SQL Injection via Email Templates
CVSS 6.5
CVE-2019-8134 HIGH
Magento 2.2-2.2.9 and 2.3-2.3.2 - Authenticated SQL Injection via Email Template Variables
CVSS 8.8
CVE-2019-8130 HIGH
Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated SQL Injection via Email Template Database Connection
CVSS 8.8
CVE-2019-8127 HIGH
Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated SQL Injection via Newsletter Template Editing
CVSS 8.8
CVE-2019-18663 CRITICAL
ARP-GUARD 4.0.0-5 - Unauthenticated SQL Injection via user_id Parameter
CVSS 9.8
CVE-2019-18662 CRITICAL
YouPHPTube < 7.7 - SQL Injection via Live Chat Plugin Live Stream Code Parameter
CVSS 9.8
CVE-2019-6658 MEDIUM
BIG-IP AFM 12.1.0-12.1.5 - Authenticated SQL Injection
CVSS 4.3
CVE-2019-18229 MEDIUM
Advantech WISE-PaaS/RMM <= 3.3.29 - SQL Injection
CVSS 6.5
CVE-2019-5151 CRITICAL
YouPHPTube 7.7 - Unauthenticated SQL Injection
CVSS 10.0
CVE-2019-5150 HIGH
YouPHPTube 7.7 - Unauthenticated SQL Injection via VideoTags Plugin
CVSS 8.9
CVE-2019-18464 CRITICAL
MOVEit Transfer <10.2.6-11.1.3 - SQL Injection
CVSS 9.8
CVE-2019-10762 CRITICAL
medoo < 1.7.5 - SQL Injection via columnQuote
CVSS 9.8
CVE-2019-10749 CRITICAL
sequelize < 3.35.1 - SQL Injection via Postgres JSON Path Keys
CVSS 9.8
CVE-2019-10748 CRITICAL
Sequelize < 3.35.1, 4.44.3, 5.8.11 - SQL Injection via MySQL/MariaDB JSON Path Keys
CVSS 9.8
CVE-2019-10208 HIGH
PostgreSQL <9.4.24-11.5 - SQL Injection
CVSS 8.8
CVE-2019-5123 HIGH
YouPHPTube 7.6 - SQL Injection via PluginSwitch Parameter
CVSS 8.8
Details
Vulnerabilities 19,852
Exploit Likelihood High