CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-9047
CRITICAL
GoRose 1.0.4 - SQL Injection via Order By or Group By Parameter
CVSS 9.8
CVE-2019-8979
CRITICAL
Kohana < 3.3.6 - SQL Injection via order_by Parameter
CVSS 9.8
CVE-2019-7164
CRITICAL
SQLAlchemy <1.2.18, <1.3.0b3 - SQL Injection
CVSS 9.8
CVE-2019-8429
CRITICAL
ZoneMinder < 1.32.3 - SQL Injection via ajax/status.php filter[Query][terms][0][cnj] Parameter
CVSS 9.8
CVE-2019-8428
CRITICAL
ZoneMinder < 1.32.3 - SQL Injection via skins/classic/views/control.php groupSql Parameter
CVSS 9.8
CVE-2019-8424
CRITICAL
ZoneMinder < 1.32.3 - SQL Injection via ajax/status.php sort Parameter
CVSS 9.8
CVE-2019-8423
CRITICAL
ZoneMinder < 1.32.3 - SQL Injection via Events Filter Parameter
CVSS 9.8
CVE-2019-8422
HIGH
PbootCMS 1.3.2 - SQL Injection via Description Parameter
CVSS 7.2
CVE-2019-8421
HIGH
BageCMS < 3.1.4 - SQL Injection via title or titleAlias Parameter
CVSS 7.2
CVE-2019-8393
CRITICAL
Hotels_Server < 2018-11-05 - SQL Injection via Telephone Parameter
CVSS 9.8
CVE-2019-8360
CRITICAL
Themerig Find a Place CMS Directory 1.5 - SQL Injection via cate Parameter
CVSS 9.8
CVE-2019-7587
CRITICAL
Bo-blog Wind <1.6.0-r - SQL Injection
CVSS 9.8
CVE-2019-7585
CRITICAL
Waimai Super Cms <20150505 - SQL Injection
CVSS 9.8
CVE-2019-7568
CRITICAL
baijiacms V4 - Time-Based Blind SQL Injection via cate Parameter
CVSS 9.8
CVE-2019-7548
HIGH
SQLAlchemy 1.2.17 - SQL Injection via group_by Parameter
CVSS 7.8
CVE-2019-6523
CRITICAL
Advantech WebAccess/SCADA 8.3 - SQL Injection
CVSS 9.8
CVE-2019-1000023
CRITICAL
OPT/NET BV OPTOSS NG-NetMS <3.6-2 - SQL Injection
CVSS 9.8
CVE-2019-7316
CRITICAL
CSS-TRICKS Chat2 <2015-05-05 - SQL Injection
CVSS 9.8
CVE-2019-6798
CRITICAL
phpMyAdmin < 4.8.5 - SQL Injection via Designer Feature
CVSS 9.8
CVE-2019-6805
CRITICAL
S-CMS V3.0 - SQL Injection via Alipay API O_id Parameter
CVSS 9.8
CVE-2019-6708
HIGH
PHPSHE 1.7 - SQL Injection via admin.php order state Parameter
CVSS 7.2
CVE-2019-6707
HIGH
PHPSHE 1.7 - SQL Injection via product_id[] Parameter
CVSS 7.2
CVE-2019-6691
HIGH
phpwind 9.0.2.170426 UTF8 - SQL Injection via tabledb[] Parameter
CVSS 7.2
CVE-2019-6497
CRITICAL
Hotels_Server < 2018-11-05 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2019-6296
CRITICAL
Cleanto 5.0 - SQL Injection via Export AJAX ID Parameter
CVSS 9.8
Details
Vulnerabilities
19,852
Exploit Likelihood
High