CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-15570
CRITICAL
BEdita < 4.0.0 - SQL Injection via Relation Save Operation
CVSS 9.8
CVE-2019-15569
CRITICAL
HM Courts & Tribunals ccd-data-store-api < 2019-06-10 - SQL Injection via SearchQueryFactoryOperation.java
CVSS 9.8
CVE-2019-15568
CRITICAL
idseq-web < 2019-07-01 - SQL Injection via tax_levels
CVSS 9.8
CVE-2019-15567
CRITICAL
OpenForis Arena < 2019-05-07 - SQL Injection via Sorting Feature
CVSS 9.8
CVE-2019-15566
CRITICAL
Alfresco < 1.8.7 - SQL Injection in HistorySearchProvider
CVSS 9.8
CVE-2019-15565
CRITICAL
webimpacto icommktconnector < 1.0.7 - SQL Injection in icommktconnector.php
CVSS 9.8
CVE-2019-15564
CRITICAL
Compassion Switzerland 10.01.4 - SQL Injection in Partner Compassion Model
CVSS 9.8
CVE-2019-15563
CRITICAL
OHDSI WebAPI < 2.7.2 - SQL Injection in FeatureExtractionService
CVSS 9.8
CVE-2019-15562
CRITICAL
gorm < 1.9.10 - SQL Injection via Incomplete Parentheses
CVSS 9.8
CVE-2019-15561
CRITICAL
flashlingo < 2019-06-12 - SQL Injection via flashlingo.js and db.js
CVSS 9.8
CVE-2019-15556
CRITICAL
social_network < 2019-07-03 - SQL Injection in register_handler.php
CVSS 9.8
CVE-2019-15534
CRITICAL
raml-module-builder 26.4.0 - SQL Injection in PostgresClient.update
CVSS 9.8
CVE-2019-15537
CRITICAL
CESNET proxystatistics < 3.1.0 - SQL Injection in DatabaseCommand.php
CVSS 9.8
CVE-2019-15536
CRITICAL
Acclaim < 2019-06-26 - SQL Injection via delete_records
CVSS 9.8
CVE-2019-15535
CRITICAL
hostosm/tasking_manager < 3.4.0 - SQL Injection via Custom SQL
CVSS 9.8
CVE-2019-12385
HIGH
Ampache < 3.9.1 - Unauthenticated SQL Injection via Search Engine
CVSS 8.8
CVE-2019-10687
CRITICAL
KBPublisher 6.0.2.1 - SQL Injection via entry_id or id Parameter
CVSS 9.8
CVE-2019-4483
CRITICAL
IBM Contract Management <10.1.4 - SQL Injection
CVSS 9.8
CVE-2019-4481
CRITICAL
IBM Contract Management <10.1.3 - SQL Injection
CVSS 9.8
CVE-2019-14430
MEDIUM
YouPHPTube < 7.2 - SQL Injection in AuditTable.php
CVSS 5.3
CVE-2019-14937
HIGH
REDCap 8.11.5-9.2.9 - Time-Based SQL Injection via Calendar Event cal_id Parameter
CVSS 7.5
CVE-2019-15105
HIGH
ManageEngine Applications Manager < 14.2 - SQL Injection via NewThresholdConfiguration.jsp resourceid Parameter
CVSS 8.8
CVE-2019-15104
HIGH
ManageEngine Applications Manager 12.0-13.9 - SQL Injection via NewThresholdConfiguration.jsp resourceid Parameter
CVSS 8.8
CVE-2019-13578
CRITICAL
Impress GiveWP Give <2.5.0 - SQL Injection
CVSS 9.8
CVE-2019-15025
CRITICAL
ninjaforms < 3.3.21.2 - SQL Injection via Submissions Page Search Filter
CVSS 9.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High