CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2019-17419 HIGH
MetInfo 7.0 - SQL Injection via Admin User Info ID Parameter
CVSS 7.2
CVE-2019-17418 HIGH
MetInfo 7.0 - SQL Injection via admin appno Parameter
CVSS 7.2
CVE-2019-15016 HIGH
Zingbox Inspector < 1.288 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-17128 HIGH
Netreo OmniCenter < 12.1.1 - Unauthenticated SQL Injection via Login Page Redirect Parameters
CVSS 7.5
CVE-2019-17370 HIGH
OTCMS v3.85 - SQL Injection and Arbitrary PHP Code Execution via Comment Manipulation
CVSS 7.2
CVE-2019-10757 CRITICAL
knex < 0.19.5 - SQL Injection via MSSQL Dialect Identifier Escaping
CVSS 9.8
CVE-2019-17271 MEDIUM
vBulletin < 5.5.4 - SQL Injection via Hook or Widget API
CVSS 4.9
CVE-2019-17298 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in Administration Module
CVSS 8.8
CVE-2019-17297 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in Quotes Module
CVSS 8.8
CVE-2019-17296 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in Contacts Module
CVSS 8.8
CVE-2019-17295 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in History Function
CVSS 8.8
CVE-2019-17294 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection via Export Function
CVSS 8.8
CVE-2019-17293 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in pmse_Project Module
CVSS 8.8
CVE-2019-17292 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in pmse_Inbox Module
CVSS 7.2
CVE-2019-17319 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in Emails Module
CVSS 8.8
CVE-2019-17318 HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated SQL Injection in pmse_Inbox Module
CVSS 8.8
CVE-2019-17197 CRITICAL
OpenEMR < 5.0.2 - SQL Injection in Lifestyle Demographic Filter Criteria
CVSS 9.8
CVE-2019-13957 CRITICAL
Umbraco 7.3.8 - SQL Injection via nodeName Parameter
CVSS 9.8
CVE-2019-12710 MEDIUM
Cisco Unified Communications Manager - Authenticated SQL Injection
CVSS 4.9
CVE-2019-12686 HIGH
Cisco Firepower Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12685 HIGH
Cisco Firepower Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12684 HIGH
Cisco Firepower Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12683 HIGH
Cisco Secure Firewall Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12682 HIGH
Cisco Firepower Management Center - Authenticated SQL Injection
CVSS 8.8
CVE-2019-12681 HIGH
Cisco Secure Firewall Management Center - Authenticated SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,852
Exploit Likelihood High