CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2019-13373 CRITICAL
D-Link Central WiFiManager - SQL Injection via dbSQL Parameter
CVSS 9.8
CVE-2019-13292 CRITICAL
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
CVSS 9.8
CVE-2019-13275 CRITICAL
VeronaLabs wp-statistics < 12.6.7 - Unauthenticated Blind SQL Injection via v1/hit Endpoint
CVSS 9.8
CVE-2019-12850 CRITICAL
JetBrains YouTrack < 2018.4.49168 - SQL Injection
CVSS 9.8
CVE-2019-12570 HIGH
Server Status by Hostname/IP 4.6 - Authenticated SQL Injection via GET Parameters
CVSS 8.8
CVE-2019-13086 CRITICAL
CSZ CMS < 1.2.2 - SQL Injection via HTTP User-Agent Header
CVSS 9.8
CVE-2019-11821 HIGH
Synology Photo Station <6.8.11-3489, <6.3-2977 - SQL Injection
CVSS 7.3
CVE-2019-9846 HIGH
RockOA < 1.8.7 - SQL Injection via pidfields and idfields Parameters
CVSS 8.8
CVE-2019-9039 CRITICAL
Couchbase Sync Gateway < 2.5.0 - SQL Injection via _all_docs Endpoint Parameters
CVSS 9.8
CVE-2019-4224 HIGH
IBM PureApplication System 2.2.3.0-2.2.5.3 - SQL Injection
CVSS 8.8
CVE-2019-12960 CRITICAL
LiveZilla < 8.0.1.1 - SQL Injection via p_dt_s_d Parameter
CVSS 9.8
CVE-2019-12939 CRITICAL
LiveZilla < 8.0.1.1 - SQL Injection via p_ext_rse Parameter
CVSS 9.8
CVE-2019-12872 HIGH
dotcms < 5.1.6 - Authenticated SQL Injection via view_unpushed_bundles.jsp
CVSS 7.2
CVE-2019-12149 CRITICAL
silverstripe/restfulserver < 1.0.9, 2.0.4, 2.1.2 and silverstripe/registry < 2.1.1, 2.2.1 - SQL Injection
CVSS 9.8
CVE-2019-9087 CRITICAL
HotelDruid < 2.3.1 - SQL Injection via numtariffa1 Parameter
CVSS 9.8
CVE-2019-9086 CRITICAL
HotelDruid < 2.3.1 - SQL Injection via anno Parameter
CVSS 9.8
CVE-2019-12601 CRITICAL
SuiteCRM 7.8.0-7.8.5, 7.8.6-7.8.11 - SQL Injection
CVSS 9.8
CVE-2019-12600 CRITICAL
SuiteCRM 7.8.0-7.8.4, 7.8.6-7.8.10, 7.8.0-7.8.29, 7.10.0-7.10.16, 7.11.0-7.11.4 - SQL Injection
CVSS 9.8
CVE-2019-12599 CRITICAL
SuiteCRM 7.10.0-7.10.16 and 7.11.0-7.11.4 - SQL Injection
CVSS 9.8
CVE-2019-12598 CRITICAL
SuiteCRM 7.8.0-7.8.4, 7.8.6-7.8.10, 7.10.0-7.10.16, 7.11.0-7.11.4 - SQL Injection
CVSS 9.8
CVE-2019-12196 CRITICAL
Zoho ManageEngine NetFlow Analyzer 12.3 - SQL Injection
CVSS 9.8
CVE-2019-11984 HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11979 HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11978 HIGH
HPE Intelligent Management Center < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11977 HIGH
HPE Intelligent Management Center < 7.3 E0506P09 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,852
Exploit Likelihood High