CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-11976
HIGH
HPE Intelligent Management Center < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11975
HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11974
HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11973
HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11972
HIGH
HPE Intelligent Management Center < 7.3 - SQL Injection
CVSS 8.8
CVE-2019-11971
HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11970
HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - SQL Injection
CVSS 8.8
CVE-2019-11768
CRITICAL
phpMyAdmin <4.9.0.1 - SQL Injection
CVSS 9.8
CVE-2019-12374
HIGH
Ivanti LANDESK Management Suite <10.0.1.168 - SQL Injection
CVSS 8.1
CVE-2019-10123
CRITICAL
AIS logistic_software < 67 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2019-12372
HIGH
Petraware pTransformer ADC <2.1.7.22827 - SQL Injection
CVSS 7.8
CVE-2019-10866
CRITICAL
10web Form Maker < 1.13.3 - SQL Injection via Submissioc Parameter
CVSS 9.8
CVE-2019-10852
HIGH
Computrols CBAS < 19.0.0 - Authenticated Blind SQL Injection via id GET Parameter
CVSS 8.8
CVE-2019-12279
CRITICAL
Nagios XI 5.6.1 - SQL Injection via Username Parameter in Password Reset Form
CVSS 9.8
CVE-2019-11880
HIGH
CommSy < 8.6.5 - SQL Injection via cid Parameter
CVSS 7.5
CVE-2019-12251
HIGH
UCMS 1.4.7 - SQL Injection via cvalue Parameter
CVSS 8.8
CVE-2019-12239
HIGH
WP Booking System < 1.5.2 - Cross-Site Request Forgery
CVSS 7.2
CVE-2019-11057
HIGH
vtiger CRM < 7.1.0 hotfix3 - Authenticated SQL Injection
CVSS 8.8
CVE-2019-5934
HIGH
Cybozu Garoon 4.0.0-4.10.0 - Authenticated SQL Injection via Log Search Function
CVSS 7.2
CVE-2019-10913
CRITICAL
Symfony 2.7.0-2.7.50, 2.8.0-2.8.49, 3.0.0-3.4.25, 4.0.0-4.1.11, 4.2.0-4.2.6 - XSS via HTTP Method Override
CVSS 9.8
CVE-2019-10910
CRITICAL
Symfony 2.7.0-2.7.50, 2.8.0-2.8.49, 3.0.0-3.4.25, 4.0.0-4.1.11, 4.2.0-4.2.6 - SQLi & RCE via Service ID
CVSS 9.8
CVE-2019-1825
HIGH
Cisco Prime Infrastructure/EPN Manager - SQL Injection
CVSS 8.1
CVE-2019-1824
HIGH
Cisco Prime Infrastructure/EPN Manager - SQL Injection
CVSS 8.1
CVE-2019-10916
HIGH
SIMATIC PCS 7 < 8.0 and SIMATIC WinCC < 7.2 - SQL Injection
CVSS 8.8
CVE-2019-8923
CRITICAL
XAMPP <= 5.6.8 - SQL Injection via cds-fpdf.php jahr Parameter
CVSS 9.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High