CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-10708
CRITICAL
S-CMS PHP 1.0 - SQL Injection via scms.php id Parameter
CVSS 9.8
CVE-2019-10707
CRITICAL
MKCMS V5.0 - SQL Injection via bplay.php Play Parameter
CVSS 9.8
CVE-2019-10692
CRITICAL
WP Go Maps < 7.11.18 - SQL Injection via REST API Field Name
CVSS 9.8
CVE-2019-9759
CRITICAL
TONGDA Office Anywhere <10.18.190121 - SQL Injection
CVSS 9.8
CVE-2019-3792
MEDIUM
Concourse < 5.0.1 - SQL Injection via Crafted Version Identifier
CVSS 6.8
CVE-2019-10664
CRITICAL
domoticz < 4.10578 - Unauthenticated SQL Injection via idx Parameter in CWebServer::GetFloorplanImage
CVSS 9.8
CVE-2019-10663
HIGH
Grandstream UCM6204 Firmware < 1.0.19.20 - Authenticated SQL Injection via sord Parameter
CVSS 8.8
CVE-2019-9918
CRITICAL
Harmis JE Messenger 1.2.2 - SQL Injection
CVSS 9.1
CVE-2019-10262
CRITICAL
BlueCMS 1.6 - SQL Injection via ad_id Parameter
CVSS 9.8
CVE-2019-9204
CRITICAL
Nagios IM < 2.2.7 - SQL Injection
CVSS 9.8
CVE-2019-9165
CRITICAL
Nagios XI < 5.5.11 - SQL Injection via Fusekeys API
CVSS 9.8
CVE-2019-10232
CRITICAL
Teclib GLPI < 9.3.3 - SQL Injection via Cycle Parameter
CVSS 9.8
CVE-2019-9053
HIGH
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
CVSS 8.1
CVE-2019-6491
HIGH
RISI Gestao de Horarios v3201.09.08 rev.23 - SQL Injection
CVSS 8.8
CVE-2019-9083
CRITICAL
SQLiteManager 1.20 and 1.24 - SQL Injection via dbsel Parameter
CVSS 9.8
CVE-2019-5722
CRITICAL
portier 4.4.4.2-4.4.4.6 - SQL Injection via Login and Key Ring Search Parameters
CVSS 9.8
CVE-2019-9762
CRITICAL
PHPSHE 1.7 - Unauthenticated SQL Injection via Alipay Payment Plugin id Parameter
CVSS 9.8
CVE-2019-9693
HIGH
CMS Made Simple < 2.2.10 - Authenticated SQL Injection via show_id and picture_id Parameters
CVSS 8.8
CVE-2019-9626
CRITICAL
PHPSHE 1.7 - SQL Injection via pintuan_id Parameter
CVSS 9.8
CVE-2019-9615
HIGH
ofcms < 1.1.3 - SQL Injection via SystemGenerateController
CVSS 7.2
CVE-2019-9594
CRITICAL
BlueCMS 1.6 - SQL Injection via user_id Parameter
CVSS 9.8
CVE-2019-4032
CRITICAL
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 - SQL Injection
CVSS 9.8
CVE-2019-9568
MEDIUM
Forminator Contact Form, Poll & Quiz Builder <1.6 - SQL Injection
CVSS 6.5
CVE-2019-9566
CRITICAL
FlarumChina v0.1.0-beta.7C - SQL Injection
CVSS 9.8
CVE-2019-9184
CRITICAL
J2Store 3.3.0-3.3.6 - SQL Injection via product_option[] Parameter
CVSS 9.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High