CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2019-14968 CRITICAL
imcat 4.9 - SQL Injection via index.php order Parameter
CVSS 9.8
CVE-2019-14966 HIGH
Frappe 10.0.0-12.0.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-13462 CRITICAL
Lansweeper < 7.1.117.4 - Unauthenticated SQL Injection
CVSS 9.1
CVE-2019-14801 CRITICAL
FV Flowplayer Video Player < 7.3.15.727 - SQL Injection via Email Subscription
CVSS 9.8
CVE-2019-14234 CRITICAL
Django <1.11.23,2.1.11,2.2.4 - SQL Injection
CVSS 9.8
CVE-2019-14754 CRITICAL
Open-School 3.0 and Community Edition 2.3 - SQL Injection via Document ID Parameter
CVSS 9.8
CVE-2019-5476 CRITICAL
Nextcloud Lookup-Server < 0.3.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2019-14702 CRITICAL
MicroDigital N-series <6400.0.8.5 - SQL Injection
CVSS 9.8
CVE-2019-14695 CRITICAL
Sygnoos Popup Builder <3.45 - SQL Injection
CVSS 9.8
CVE-2019-14348 CRITICAL
BearDev JoomSport <3.3 - SQL Injection
CVSS 9.8
CVE-2019-14529 CRITICAL
OpenEMR < 5.0.2 - SQL Injection via eye_mag/save.php
CVSS 9.8
CVE-2019-13572 CRITICAL
WordPress Adenion Blog2Social <5.5.0 - SQL Injection
CVSS 9.8
CVE-2019-5454 CRITICAL
Nextcloud Android App < 3.0.0 - SQL Injection
CVSS 9.8
CVE-2019-13026 CRITICAL
OXID eShop 6.0.0-6.0.5 - SQL Injection via Crafted URL
CVSS 9.8
CVE-2019-14313 CRITICAL
10Web Photo Gallery <1.5.31 - SQL Injection
CVSS 9.8
CVE-2019-10141 HIGH
openstack-ironic-inspector <8.2.1 - SQL Injection
CVSS 8.3
CVE-2019-13571 CRITICAL
Vsourz Digital Advanced CF7 DB <1.6.1 - SQL Injection
CVSS 9.8
CVE-2019-9885 CRITICAL
eClass platform < ip.2.5.10.2.1 - SQL Injection
CVSS 9.8
CVE-2019-14266 HIGH
OpenSNS 6.1.0 - SQL Injection via UID Parameter
CVSS 8.8
CVE-2019-1010191 CRITICAL
marginalia < 1.6.0 - SQL Injection via User Controller Argument
CVSS 9.8
CVE-2019-1010201 MEDIUM
Jeesite 1.2.7 - Authenticated SQL Injection via updateProcInsIdByBusinessId()
CVSS 6.5
CVE-2019-13570 HIGH
AJdG AdRotate < 5.3 - SQL Injection
CVSS 7.2
CVE-2019-1010153 CRITICAL
zzcms < 8.3 - SQL Injection via zs/subzs.php
CVSS 9.8
CVE-2019-1010148 CRITICAL
zzcms < 8.3 - SQL Injection
CVSS 9.8
CVE-2019-14231 CRITICAL
Viral Quiz Maker - OnionBuzz <1.2.2 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,852
Exploit Likelihood High