CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-13373
CRITICAL
D-Link Central WiFiManager - SQL Injection via dbSQL Parameter
CVSS 9.8
CVE-2019-13292
CRITICAL
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
CVSS 9.8
CVE-2019-13275
CRITICAL
VeronaLabs wp-statistics < 12.6.7 - Unauthenticated Blind SQL Injection via v1/hit Endpoint
CVSS 9.8
CVE-2019-12850
CRITICAL
JetBrains YouTrack < 2018.4.49168 - SQL Injection
CVSS 9.8
CVE-2019-12570
HIGH
Server Status by Hostname/IP 4.6 - Authenticated SQL Injection via GET Parameters
CVSS 8.8
CVE-2019-13086
CRITICAL
CSZ CMS < 1.2.2 - SQL Injection via HTTP User-Agent Header
CVSS 9.8
CVE-2019-11821
HIGH
Synology Photo Station <6.8.11-3489, <6.3-2977 - SQL Injection
CVSS 7.3
CVE-2019-9846
HIGH
RockOA < 1.8.7 - SQL Injection via pidfields and idfields Parameters
CVSS 8.8
CVE-2019-9039
CRITICAL
Couchbase Sync Gateway < 2.5.0 - SQL Injection via _all_docs Endpoint Parameters
CVSS 9.8
CVE-2019-4224
HIGH
IBM PureApplication System 2.2.3.0-2.2.5.3 - SQL Injection
CVSS 8.8
CVE-2019-12960
CRITICAL
LiveZilla < 8.0.1.1 - SQL Injection via p_dt_s_d Parameter
CVSS 9.8
CVE-2019-12939
CRITICAL
LiveZilla < 8.0.1.1 - SQL Injection via p_ext_rse Parameter
CVSS 9.8
CVE-2019-12872
HIGH
dotcms < 5.1.6 - Authenticated SQL Injection via view_unpushed_bundles.jsp
CVSS 7.2
CVE-2019-12149
CRITICAL
silverstripe/restfulserver < 1.0.9, 2.0.4, 2.1.2 and silverstripe/registry < 2.1.1, 2.2.1 - SQL Injection
CVSS 9.8
CVE-2019-9087
CRITICAL
HotelDruid < 2.3.1 - SQL Injection via numtariffa1 Parameter
CVSS 9.8
CVE-2019-9086
CRITICAL
HotelDruid < 2.3.1 - SQL Injection via anno Parameter
CVSS 9.8
CVE-2019-12601
CRITICAL
SuiteCRM 7.8.0-7.8.5, 7.8.6-7.8.11 - SQL Injection
CVSS 9.8
CVE-2019-12600
CRITICAL
SuiteCRM 7.8.0-7.8.4, 7.8.6-7.8.10, 7.8.0-7.8.29, 7.10.0-7.10.16, 7.11.0-7.11.4 - SQL Injection
CVSS 9.8
CVE-2019-12599
CRITICAL
SuiteCRM 7.10.0-7.10.16 and 7.11.0-7.11.4 - SQL Injection
CVSS 9.8
CVE-2019-12598
CRITICAL
SuiteCRM 7.8.0-7.8.4, 7.8.6-7.8.10, 7.10.0-7.10.16, 7.11.0-7.11.4 - SQL Injection
CVSS 9.8
CVE-2019-12196
CRITICAL
Zoho ManageEngine NetFlow Analyzer 12.3 - SQL Injection
CVSS 9.8
CVE-2019-11984
HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11979
HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11978
HIGH
HPE Intelligent Management Center < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11977
HIGH
HPE Intelligent Management Center < 7.3 E0506P09 - SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High