CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2019-6295
CRITICAL
Cleanto 5.0 - SQL Injection via service_id Parameter
CVSS 9.8
CVE-2019-6259
CRITICAL
idreamsoft iCMS V7.0.13 - SQL Injection via article.admincp.php _data_id Parameter
CVSS 9.8
CVE-2019-6127
HIGH
XiaoCms 20141229 - SQL Injection via admin/index.php table Parameter
CVSS 7.2
CVE-2019-5893
CRITICAL
Nelson Open Source ERP 6.3.1 - SQL Injection via Query Parameter
CVSS 9.8
CVE-2019-5720
CRITICAL
FrontAccounting 2.4.6 - SQL Injection via void_transaction.php filterType Parameter
CVSS 9.8
CVE-2019-5488
HIGH
EARCLINK ESPCMS-P8 - SQL Injection via install_pack/index.php verify_key Parameter
CVSS 7.5
CVE-2019-3577
CRITICAL
Waimai Super Cms 20150505 - SQL Injection via id[0] Parameter
CVSS 9.8
CVE-2019-3576
CRITICAL
inxedu < 2018-12-24 - SQL Injection via deleteFaveorite PATH_INFO
CVSS 9.8
CVE-2019-3494
HIGH
simply-blog < 2019-01-01 - SQL Injection via admin/deleteCategories.php delete parameter
CVSS 7.5
CVE-2018-25434
HIGH
WP AutoSuggest 0.24 - Unauthenticated SQL Injection via wpas_keys Parameter
CVSS 8.2
CVE-2018-25433
HIGH
Joomla Component JE Photo Gallery 1.1 - Unauthenticated SQL Injection via categoryid Parameter
CVSS 8.2
CVE-2018-25431
HIGH
No-Cms 1.0 - Authenticated SQL Injection via order_by Parameter
CVSS 7.1
CVE-2018-25430
HIGH
Paroiciel 11.20 - Authenticated SQL Injection via eGeqIdEquipe Parameter
CVSS 7.1
CVE-2018-25429
HIGH
Paroiciel 11.20 - Authenticated SQL Injection via zProIdPro Parameter
CVSS 7.1
CVE-2018-25428
HIGH
Paroiciel 11.20 - Unauthenticated SQL Injection via tRecIdListe Parameter
CVSS 8.2
CVE-2018-25425
HIGH
Yot CMS 3.3.1 - SQL Injection via aid and cid Parameters
CVSS 8.2
CVE-2018-25424
HIGH
Gate Pass Management System 2.1 SQL Injection via login-exec.php
CVSS 8.2
CVE-2018-25422
HIGH
MOGG web simulator Script All Version SQL Injection via play.php
CVSS 8.2
CVE-2018-25420
HIGH
AiOPMSD Final 1.0.0 SQL Injection via watch.php
CVSS 8.2
CVE-2018-25419
HIGH
AiOPMSD Final 1.0.0 SQL Injection via genre.php
CVSS 8.2
CVE-2018-25418
HIGH
AiOPMSD Final 1.0.0 SQL Injection via year.php
CVSS 8.2
CVE-2018-25417
HIGH
AiOPMSD Final 1.0.0 SQL Injection via quality.php
CVSS 8.2
CVE-2018-25416
HIGH
AiOPMSD Final 1.0.0 SQL Injection via country.php
CVSS 8.2
CVE-2018-25415
HIGH
AiOPMSD Final 1.0.0 SQL Injection via director Parameter
CVSS 8.2
CVE-2018-25414
HIGH
AiOPMSD Final 1.0.0 SQL Injection via actor.php
CVSS 8.2
Details
Vulnerabilities
19,852
Exploit Likelihood
High