CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-14968
CRITICAL
imcat 4.9 - SQL Injection via index.php order Parameter
CVSS 9.8
CVE-2019-14966
HIGH
Frappe 10.0.0-12.0.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-13462
CRITICAL
Lansweeper < 7.1.117.4 - Unauthenticated SQL Injection
CVSS 9.1
CVE-2019-14801
CRITICAL
FV Flowplayer Video Player < 7.3.15.727 - SQL Injection via Email Subscription
CVSS 9.8
CVE-2019-14234
CRITICAL
Django <1.11.23,2.1.11,2.2.4 - SQL Injection
CVSS 9.8
CVE-2019-14754
CRITICAL
Open-School 3.0 and Community Edition 2.3 - SQL Injection via Document ID Parameter
CVSS 9.8
CVE-2019-5476
CRITICAL
Nextcloud Lookup-Server < 0.3.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2019-14702
CRITICAL
MicroDigital N-series <6400.0.8.5 - SQL Injection
CVSS 9.8
CVE-2019-14695
CRITICAL
Sygnoos Popup Builder <3.45 - SQL Injection
CVSS 9.8
CVE-2019-14348
CRITICAL
BearDev JoomSport <3.3 - SQL Injection
CVSS 9.8
CVE-2019-14529
CRITICAL
OpenEMR < 5.0.2 - SQL Injection via eye_mag/save.php
CVSS 9.8
CVE-2019-13572
CRITICAL
WordPress Adenion Blog2Social <5.5.0 - SQL Injection
CVSS 9.8
CVE-2019-5454
CRITICAL
Nextcloud Android App < 3.0.0 - SQL Injection
CVSS 9.8
CVE-2019-13026
CRITICAL
OXID eShop 6.0.0-6.0.5 - SQL Injection via Crafted URL
CVSS 9.8
CVE-2019-14313
CRITICAL
10Web Photo Gallery <1.5.31 - SQL Injection
CVSS 9.8
CVE-2019-10141
HIGH
openstack-ironic-inspector <8.2.1 - SQL Injection
CVSS 8.3
CVE-2019-13571
CRITICAL
Vsourz Digital Advanced CF7 DB <1.6.1 - SQL Injection
CVSS 9.8
CVE-2019-9885
CRITICAL
eClass platform < ip.2.5.10.2.1 - SQL Injection
CVSS 9.8
CVE-2019-14266
HIGH
OpenSNS 6.1.0 - SQL Injection via UID Parameter
CVSS 8.8
CVE-2019-1010191
CRITICAL
marginalia < 1.6.0 - SQL Injection via User Controller Argument
CVSS 9.8
CVE-2019-1010201
MEDIUM
Jeesite 1.2.7 - Authenticated SQL Injection via updateProcInsIdByBusinessId()
CVSS 6.5
CVE-2019-13570
HIGH
AJdG AdRotate < 5.3 - SQL Injection
CVSS 7.2
CVE-2019-1010153
CRITICAL
zzcms < 8.3 - SQL Injection via zs/subzs.php
CVSS 9.8
CVE-2019-1010148
CRITICAL
zzcms < 8.3 - SQL Injection
CVSS 9.8
CVE-2019-14231
CRITICAL
Viral Quiz Maker - OnionBuzz <1.2.2 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High