CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2019-11600 HIGH
OpenProject 5.0.0-8.3.1 - SQL Injection via Activities API ID Parameter
CVSS 8.1
CVE-2019-3797 LOW
Spring Data JPA <= 2.1.5, 2.0.13, 1.11.19 - Exposure of Sensitive Information via Derived Query Predicates
CVSS 3.5
CVE-2019-11678 CRITICAL
Zoho ManageEngine Firewall Analyzer <12.3 - SQL Injection
CVSS 9.8
CVE-2019-11625 MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via emailingRequest.php
CVSS 4.9
CVE-2019-11623 MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via configurationRequest.php siteweb Action
CVSS 4.9
CVE-2019-11622 MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via modulecategory_edit_titre Parameter
CVSS 4.9
CVE-2019-11621 MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via Network Configuration Action
CVSS 4.9
CVE-2019-11620 MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via modulecategory_add_titre Parameter
CVSS 4.9
CVE-2019-11619 MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via Analytics Configuration Action
CVSS 4.9
CVE-2019-11614 HIGH
doorgets_cms 7.0 - Unauthenticated SQL Injection via commentView.php
CVSS 7.5
CVE-2019-11613 MEDIUM
doorgets_cms 7.0 - Authenticated SQL Injection via contactView.php
CVSS 6.5
CVE-2019-11567 HIGH
AikCms 2.0 - SQL Injection via del Parameter
CVSS 7.2
CVE-2019-11518 HIGH
SEMCMS 3.8 - SQL Injection via SEMCMS_Inquiry.php AID[] Parameter
CVSS 7.2
CVE-2019-11469 CRITICAL
Zoho ManageEngine Apps Mgr <15 - SQL Injection
CVSS 9.8
CVE-2019-11452 HIGH
whatsns 4.0 - SQL Injection via cid[] Parameter
CVSS 7.2
CVE-2019-11451 HIGH
whatsns 4.0 - SQL Injection via index.php qid Parameter
CVSS 7.2
CVE-2019-11450 CRITICAL
whatsns 4.0 - SQL Injection via index.php title Parameter
CVSS 9.8
CVE-2019-11448 CRITICAL
Zoho ManageEngine Applications Manager <14.0 - Privilege Escalation
CVSS 9.8
CVE-2019-11362 CRITICAL
rocboss V2.2.1 - SQL Injection via Post:doReward Score Parameter
CVSS 9.8
CVE-2019-4012 CRITICAL
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 - SQL Injection
CVSS 9.8
CVE-2019-11196 CRITICAL
ValuePLUS Integrated University Management System - SQLi Auth Bypass via Teachers Panel
CVSS 9.8
CVE-2019-5715 CRITICAL
SilverStripe 3.0.0-3.6.6 and 3.7.0-3.7.2 - Reflected SQL Injection via Form and DataObject
CVSS 9.8
CVE-2019-7139 CRITICAL
Magento <2.1.18-2.3.2 - SQL Injection
CVSS 9.8
CVE-2019-7001 CRITICAL
IP Office Contact Center <10.1.2.2.2-11201.1908 - SQL Injection
CVSS 9.9
CVE-2019-6506 CRITICAL
SuiteCRM < 7.8.28, 7.9.x, < 7.10.15, < 7.11.3 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,852
Exploit Likelihood High