CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-11600
HIGH
OpenProject 5.0.0-8.3.1 - SQL Injection via Activities API ID Parameter
CVSS 8.1
CVE-2019-3797
LOW
Spring Data JPA <= 2.1.5, 2.0.13, 1.11.19 - Exposure of Sensitive Information via Derived Query Predicates
CVSS 3.5
CVE-2019-11678
CRITICAL
Zoho ManageEngine Firewall Analyzer <12.3 - SQL Injection
CVSS 9.8
CVE-2019-11625
MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via emailingRequest.php
CVSS 4.9
CVE-2019-11623
MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via configurationRequest.php siteweb Action
CVSS 4.9
CVE-2019-11622
MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via modulecategory_edit_titre Parameter
CVSS 4.9
CVE-2019-11621
MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via Network Configuration Action
CVSS 4.9
CVE-2019-11620
MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via modulecategory_add_titre Parameter
CVSS 4.9
CVE-2019-11619
MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via Analytics Configuration Action
CVSS 4.9
CVE-2019-11614
HIGH
doorgets_cms 7.0 - Unauthenticated SQL Injection via commentView.php
CVSS 7.5
CVE-2019-11613
MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via contactView.php
CVSS 6.5
CVE-2019-11567
HIGH
AikCms 2.0 - SQL Injection via del Parameter
CVSS 7.2
CVE-2019-11518
HIGH
SEMCMS 3.8 - SQL Injection via SEMCMS_Inquiry.php AID[] Parameter
CVSS 7.2
CVE-2019-11469
CRITICAL
Zoho ManageEngine Apps Mgr <15 - SQL Injection
CVSS 9.8
CVE-2019-11452
HIGH
whatsns 4.0 - SQL Injection via cid[] Parameter
CVSS 7.2
CVE-2019-11451
HIGH
whatsns 4.0 - SQL Injection via index.php qid Parameter
CVSS 7.2
CVE-2019-11450
CRITICAL
whatsns 4.0 - SQL Injection via index.php title Parameter
CVSS 9.8
CVE-2019-11448
CRITICAL
Zoho ManageEngine Applications Manager <14.0 - Privilege Escalation
CVSS 9.8
CVE-2019-11362
CRITICAL
rocboss V2.2.1 - SQL Injection via Post:doReward Score Parameter
CVSS 9.8
CVE-2019-4012
CRITICAL
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 - SQL Injection
CVSS 9.8
CVE-2019-11196
CRITICAL
ValuePLUS Integrated University Management System - SQLi Auth Bypass via Teachers Panel
CVSS 9.8
CVE-2019-5715
CRITICAL
SilverStripe 3.0.0-3.6.6 and 3.7.0-3.7.2 - Reflected SQL Injection via Form and DataObject
CVSS 9.8
CVE-2019-7139
CRITICAL
Magento <2.1.18-2.3.2 - SQL Injection
CVSS 9.8
CVE-2019-7001
CRITICAL
IP Office Contact Center <10.1.2.2.2-11201.1908 - SQL Injection
CVSS 9.9
CVE-2019-6506
CRITICAL
SuiteCRM < 7.8.28, 7.9.x, < 7.10.15, < 7.11.3 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High