CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-5122
HIGH
YouPHPTube 7.6 - Authenticated SQL Injection via PluginSwitch Parameter
CVSS 8.8
CVE-2019-5121
HIGH
YouPHPTube 7.6 - Authenticated SQL Injection via PluginSwitch UUID Parameter
CVSS 8.8
CVE-2019-5120
HIGH
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5119
HIGH
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5117
HIGH
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5116
HIGH
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5114
CRITICAL
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 9.9
CVE-2019-18413
LOW
class-validator < 0.14.0 - Input Validation Bypass and Cross-Site Scripting via Conflicting Attribute Names
CVSS 3.7
CVE-2019-18387
CRITICAL
Sourcecodester Hotel and Lodge Management System 1.0 - Unauthenticated SQL Injection via id Parameter
CVSS 9.8
CVE-2019-18344
CRITICAL
Sourcecodester Online Grading System 1.0 - Unauthenticated SQL Injection via id or classid Parameter
CVSS 9.8
CVE-2019-16404
HIGH
OpenEMR < 5.0.2 - Authenticated SQL Injection via providerID Parameter
CVSS 8.8
CVE-2019-16980
HIGH
FusionPBX < 4.5.7 - SQL Injection via call_broadcast_edit.php id Parameter
CVSS 8.8
CVE-2019-13409
CRITICAL
TOPMeeting < 8.8 - SQL Injection via Search Meeting Room Feature
CVSS 9.8
CVE-2019-17119
HIGH
WiKID 2FA Enterprise Server <= 4.2.0-b2053 - Authenticated SQL Injection via Logs.jsp Parameters
CVSS 8.8
CVE-2019-10752
CRITICAL
Sequelize < 4.44.3 - SQL Injection via sequelize.json() Helper Function
CVSS 9.8
CVE-2019-17117
HIGH
WiKID 2FA Enterprise Server through 4.2.0-b2053 - Authenticated SQL Injection via processPref.jsp Key Parameter
CVSS 8.8
CVE-2019-16917
HIGH
WiKID Systems two_factor_authentication_enterprise_server < 4.2.0-b2047 SQL Injection
CVSS 8.8
CVE-2019-16682
HIGH
TYPO3 - URL Redirect <1.2.1 - SQL Injection
CVSS 7.3
CVE-2019-17612
HIGH
74cms 5.2.8 - SQL Injection via Admin Ad Category Sort Parameter
CVSS 7.2
CVE-2019-17602
CRITICAL
ManageEngine OpManager < 12.4 - SQL Injection via OPMDeviceDetailsServlet
CVSS 9.8
CVE-2019-17580
CRITICAL
dormsystem < 1.3 - SQL Injection in admin.php
CVSS 9.8
CVE-2019-17553
CRITICAL
MetInfo v7.0.0 beta - SQL Injection via admin/?n=tags&c=index&a=doSaveTags URI
CVSS 9.8
CVE-2019-17552
CRITICAL
idreamsoft iCMS 7.0.14 - SQL Injection via Spider Project Upload Feature
CVSS 9.8
CVE-2019-17429
CRITICAL
adhouma_cms < 2019-10-09 - SQL Injection via post.php p_id Parameter
CVSS 9.8
CVE-2019-17072
CRITICAL
Contact Form Widget 1.0.9 - SQL Injection via all-query-page.php
CVSS 9.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High