CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2019-11976 HIGH
HPE Intelligent Management Center < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11975 HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11974 HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11973 HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11972 HIGH
HPE Intelligent Management Center < 7.3 - SQL Injection
CVSS 8.8
CVE-2019-11971 HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11970 HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11768 CRITICAL
phpMyAdmin <4.9.0.1 - SQL Injection
CVSS 9.8
CVE-2019-12374 HIGH
Ivanti LANDESK Management Suite <10.0.1.168 - SQL Injection
CVSS 8.1
CVE-2019-10123 CRITICAL
AIS logistic_software < 67 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2019-12372 HIGH
Petraware pTransformer ADC <2.1.7.22827 - SQL Injection
CVSS 7.8
CVE-2019-10866 CRITICAL
10web Form Maker < 1.13.3 - SQL Injection via Submissioc Parameter
CVSS 9.8
CVE-2019-10852 HIGH
Computrols CBAS < 19.0.0 - Authenticated Blind SQL Injection via id GET Parameter
CVSS 8.8
CVE-2019-12279 CRITICAL
Nagios XI 5.6.1 - SQL Injection via Username Parameter in Password Reset Form
CVSS 9.8
CVE-2019-11880 HIGH
CommSy < 8.6.5 - SQL Injection via cid Parameter
CVSS 7.5
CVE-2019-12251 HIGH
UCMS 1.4.7 - SQL Injection via cvalue Parameter
CVSS 8.8
CVE-2019-12239 HIGH
WP Booking System < 1.5.2 - Cross-Site Request Forgery
CVSS 7.2
CVE-2019-11057 HIGH
vtiger CRM < 7.1.0 hotfix3 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5934 HIGH
Cybozu Garoon 4.0.0-4.10.0 - Authenticated SQL Injection via Log Search Function
CVSS 7.2
CVE-2019-10913 CRITICAL
Symfony 2.7.0-2.7.50, 2.8.0-2.8.49, 3.0.0-3.4.25, 4.0.0-4.1.11, 4.2.0-4.2.6 - XSS via HTTP Method Override
CVSS 9.8
CVE-2019-10910 CRITICAL
Symfony 2.7.0-2.7.50, 2.8.0-2.8.49, 3.0.0-3.4.25, 4.0.0-4.1.11, 4.2.0-4.2.6 - SQLi & RCE via Service ID
CVSS 9.8
CVE-2019-1825 HIGH
Cisco Prime Infrastructure/EPN Manager - SQL Injection
CVSS 8.1
CVE-2019-1824 HIGH
Cisco Prime Infrastructure/EPN Manager - SQL Injection
CVSS 8.1
CVE-2019-10916 HIGH
SIMATIC PCS 7 < 8.0 and SIMATIC WinCC < 7.2 - SQL Injection
CVSS 8.8
CVE-2019-8923 CRITICAL
XAMPP <= 5.6.8 - SQL Injection via cds-fpdf.php jahr Parameter
CVSS 9.8
Details
Vulnerabilities 19,852
Exploit Likelihood High