CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-17419
HIGH
MetInfo 7.0 - SQL Injection via Admin User Info ID Parameter
CVSS 7.2
CVE-2019-17418
HIGH
MetInfo 7.0 - SQL Injection via admin appno Parameter
CVSS 7.2
CVE-2019-15016
HIGH
Zingbox Inspector < 1.288 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-17128
HIGH
Netreo OmniCenter < 12.1.1 - Unauthenticated SQL Injection via Login Page Redirect Parameters
CVSS 7.5
CVE-2019-17370
HIGH
OTCMS v3.85 - SQL Injection and Arbitrary PHP Code Execution via Comment Manipulation
CVSS 7.2
CVE-2019-10757
CRITICAL
knex < 0.19.5 - SQL Injection via MSSQL Dialect Identifier Escaping
CVSS 9.8
CVE-2019-17271
MEDIUM
vBulletin < 5.5.4 - SQL Injection via Hook or Widget API
CVSS 4.9
CVE-2019-17298
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in Administration Module
CVSS 8.8
CVE-2019-17297
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in Quotes Module
CVSS 8.8
CVE-2019-17296
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in Contacts Module
CVSS 8.8
CVE-2019-17295
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in History Function
CVSS 8.8
CVE-2019-17294
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection via Export Function
CVSS 8.8
CVE-2019-17293
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in pmse_Project Module
CVSS 8.8
CVE-2019-17292
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in pmse_Inbox Module
CVSS 7.2
CVE-2019-17319
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in Emails Module
CVSS 8.8
CVE-2019-17318
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in pmse_Inbox Module
CVSS 8.8
CVE-2019-17197
CRITICAL
OpenEMR < 5.0.2 - SQL Injection in Lifestyle Demographic Filter Criteria
CVSS 9.8
CVE-2019-13957
CRITICAL
Umbraco 7.3.8 - SQL Injection via nodeName Parameter
CVSS 9.8
CVE-2019-12710
MEDIUM
Cisco Unified Communications Manager - Authenticated SQL Injection
CVSS 4.9
CVE-2019-12686
HIGH
Cisco Firepower Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12685
HIGH
Cisco Firepower Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12684
HIGH
Cisco Firepower Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12683
HIGH
Cisco Secure Firewall Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12682
HIGH
Cisco Firepower Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12681
HIGH
Cisco Secure Firewall Management Center - Authenticated SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High