CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2018-25413
HIGH
AiOPMSD Final 1.0.0 SQL Injection via search.php
CVSS 8.2
CVE-2018-25411
HIGH
MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php
CVSS 8.2
CVE-2018-25410
HIGH
SIM-PKH 2.4.1 - SQL Injection via media.php id Parameter
CVSS 7.1
CVE-2018-25407
HIGH
eNdonesia Portal 8.7 SQL Injection via mod.php
CVSS 8.2
CVE-2018-25406
HIGH
eNdonesia Portal 8.7 SQL Injection via mod.php
CVSS 8.2
CVE-2018-25405
HIGH
eNdonesia Portal 8.7 SQL Injection via mod.php
CVSS 8.2
CVE-2018-25404
HIGH
The Open ISES Project 3.30A SQL Injection via add_facnote.php
CVSS 8.2
CVE-2018-25403
HIGH
The Open ISES Project 3.30A SQL Injection via city_graph.php
CVSS 8.2
CVE-2018-25402
HIGH
The Open ISES Project 3.30A SQL Injection via inc_types_graph.php
CVSS 8.2
CVE-2018-25401
HIGH
The Open ISES Project 3.30A SQL Injection via sever_graph.php
CVSS 8.2
CVE-2018-25400
HIGH
The Open ISES Project 3.30A SQL Injection via form_post.php
CVSS 8.2
CVE-2018-25399
HIGH
The Open ISES Project 3.30A SQL Injection via nearby.php
CVSS 8.2
CVE-2018-25398
HIGH
The Open ISES Project 3.30A SQL Injection via main.php
CVSS 8.2
CVE-2018-25395
HIGH
Kados R10 GreenBee SQL Injection via update_feature.php
CVSS 8.2
CVE-2018-25394
HIGH
Kados R10 GreenBee SQL Injection via update_release.php
CVSS 8.2
CVE-2018-25392
HIGH
MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter
CVSS 7.1
CVE-2018-25390
HIGH
HaPe PKH 1.1 SQL Injection via desa Parameter
CVSS 8.2
CVE-2018-25389
HIGH
HaPe PKH 1.1 SQL Injection via nama_kelompok Parameter
CVSS 8.2
CVE-2018-25386
HIGH
HaPe PKH 1.1 SQL Injection via id Parameter in admin/media.php
CVSS 8.2
CVE-2018-25385
HIGH
E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai
CVSS 8.2
CVE-2018-25382
HIGH
Zechat 1.5 SQL Injection via uname Parameter
CVSS 8.2
CVE-2018-25381
HIGH
Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters
CVSS 7.1
CVE-2018-25380
HIGH
Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters
CVSS 7.1
CVE-2018-25379
HIGH
Collectric CMU 1.0 SQL Injection via lang Parameter
CVSS 8.2
CVE-2018-25372
HIGH
MedDream PACS Server Premium 6.7.1.1 SQL Injection via email
CVSS 8.2
Details
Vulnerabilities
19,852
Exploit Likelihood
High