CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2019-5122 HIGH
YouPHPTube 7.6 - Authenticated SQL Injection via PluginSwitch Parameter
CVSS 8.8
CVE-2019-5121 HIGH
YouPHPTube 7.6 - Authenticated SQL Injection via PluginSwitch UUID Parameter
CVSS 8.8
CVE-2019-5120 HIGH
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5119 HIGH
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5117 HIGH
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5116 HIGH
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5114 CRITICAL
YouPHPTube 7.6 - Authenticated SQL Injection
CVSS 9.9
CVE-2019-18413 LOW
class-validator < 0.14.0 - Input Validation Bypass and Cross-Site Scripting via Conflicting Attribute Names
CVSS 3.7
CVE-2019-18387 CRITICAL
Sourcecodester Hotel and Lodge Management System 1.0 - Unauthenticated SQL Injection via id Parameter
CVSS 9.8
CVE-2019-18344 CRITICAL
Sourcecodester Online Grading System 1.0 - Unauthenticated SQL Injection via id or classid Parameter
CVSS 9.8
CVE-2019-16404 HIGH
OpenEMR < 5.0.2 - Authenticated SQL Injection via providerID Parameter
CVSS 8.8
CVE-2019-16980 HIGH
FusionPBX < 4.5.7 - SQL Injection via call_broadcast_edit.php id Parameter
CVSS 8.8
CVE-2019-13409 CRITICAL
TOPMeeting < 8.8 - SQL Injection via Search Meeting Room Feature
CVSS 9.8
CVE-2019-17119 HIGH
WiKID 2FA Enterprise Server <= 4.2.0-b2053 - Authenticated SQL Injection via Logs.jsp Parameters
CVSS 8.8
CVE-2019-10752 CRITICAL
Sequelize < 4.44.3 - SQL Injection via sequelize.json() Helper Function
CVSS 9.8
CVE-2019-17117 HIGH
WiKID 2FA Enterprise Server through 4.2.0-b2053 - Authenticated SQL Injection via processPref.jsp Key Parameter
CVSS 8.8
CVE-2019-16917 HIGH
WiKID Systems two_factor_authentication_enterprise_server < 4.2.0-b2047 SQL Injection
CVSS 8.8
CVE-2019-16682 HIGH
TYPO3 - URL Redirect <1.2.1 - SQL Injection
CVSS 7.3
CVE-2019-17612 HIGH
74cms 5.2.8 - SQL Injection via Admin Ad Category Sort Parameter
CVSS 7.2
CVE-2019-17602 CRITICAL
ManageEngine OpManager < 12.4 - SQL Injection via OPMDeviceDetailsServlet
CVSS 9.8
CVE-2019-17580 CRITICAL
dormsystem < 1.3 - SQL Injection in admin.php
CVSS 9.8
CVE-2019-17553 CRITICAL
MetInfo v7.0.0 beta - SQL Injection via admin/?n=tags&c=index&a=doSaveTags URI
CVSS 9.8
CVE-2019-17552 CRITICAL
idreamsoft iCMS 7.0.14 - SQL Injection via Spider Project Upload Feature
CVSS 9.8
CVE-2019-17429 CRITICAL
adhouma_cms < 2019-10-09 - SQL Injection via post.php p_id Parameter
CVSS 9.8
CVE-2019-17072 CRITICAL
Contact Form Widget 1.0.9 - SQL Injection via all-query-page.php
CVSS 9.8
Details
Vulnerabilities 19,852
Exploit Likelihood High