CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-14230
CRITICAL
Viral Quiz Maker - OnionBuzz <1.2.7 - SQL Injection
CVSS 9.8
CVE-2019-13569
CRITICAL
Icegram Email Subscribers & Newsletters <4.1.7 - SQL Injection
CVSS 9.8
CVE-2019-12193
CRITICAL
H3C H3Cloud OS - SQL Injection via ear/grid_event sidx Parameter
CVSS 9.8
CVE-2019-12946
HIGH
elcom CMS < 10.7 - SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx
CVSS 7.5
CVE-2019-13978
HIGH
Ovidentia 8.4.3 - SQL Injection via id Parameter
CVSS 8.8
CVE-2019-13969
HIGH
Metinfo 6.0.0-6.1.9 - Authenticated SQL Injection via id Parameter
CVSS 8.8
CVE-2019-1010248
CRITICAL
Synetics GmbH I-doit <1.12 - SQL Injection
CVSS 9.8
CVE-2019-1010259
CRITICAL
SaltStack Salt <2019.2 - SQL Injection
CVSS 9.8
CVE-2019-1010104
CRITICAL
TechyTalk Quick Chat - SQL Injection
CVSS 9.8
CVE-2019-13575
CRITICAL
WPEverest Everest Forms <1.4.9 - SQL Injection
CVSS 9.8
CVE-2019-1942
MEDIUM
Cisco Identity Services Engine < 2.6.0 - Authenticated SQL Injection
CVSS 4.3
CVE-2019-13447
CRITICAL
Sertek Xpare 3.67 - SQL Injection via Login Form
CVSS 9.8
CVE-2019-13573
CRITICAL
FolioVision FV Flowplayer Video Player <7.3.19.727 - SQL Injection
CVSS 9.8
CVE-2019-12989
CRITICAL
KEV
Citrix SD-WAN 10.2.0-10.2.2 and NetScaler SD-WAN 10.0.0-10.0.7 - SQL Injection
CVSS 9.8
CVE-2019-1010034
MEDIUM
Deepwoods Software WebLibrarian <3.5.2 - SQL Injection
CVSS 6.5
CVE-2019-13027
CRITICAL
Concerto Critical Chain Planner 5.10.8071 SQLi via taskupdt/taskdetails.aspx
CVSS 9.8
CVE-2019-7003
CRITICAL
Avaya Control Manager <8.0.4.0 - SQL Injection
CVSS 10.0
CVE-2019-13507
CRITICAL
hidea AZ Admin 1.0 - SQL Injection via news_det.php cod Parameter
CVSS 9.8
CVE-2019-12838
CRITICAL
SchedMD Slurm 17.11.x 18.08.0-18.08.7 19.05.0 - SQL Injection
CVSS 9.8
CVE-2019-13489
CRITICAL
trape < 2019-05-08 - SQL Injection via data[2] Variable
CVSS 9.8
CVE-2019-10653
CRITICAL
Hsycms V1.1 - SQL Injection via News Page
CVSS 9.8
CVE-2019-12723
CRITICAL
Teclib Fields < 1.9.2 - Unauthenticated SQL Injection via container_id and old_order Parameters
CVSS 9.8
CVE-2019-11512
CRITICAL
Contao <4.4.39, <4.7.5 - SQL Injection
CVSS 9.8
CVE-2019-13413
CRITICAL
Rencontre < 3.1.3 - SQL Injection via rencontre_widget.php
CVSS 9.8
CVE-2019-13375
CRITICAL
D-Link Central WiFiManager < 1.03R0100_BETA6 - Unauthenticated SQL Injection via PayAction.class.php passcode Parameter
CVSS 9.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High