CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2018-25413 HIGH
AiOPMSD Final 1.0.0 SQL Injection via search.php
CVSS 8.2
CVE-2018-25411 HIGH
MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php
CVSS 8.2
CVE-2018-25410 HIGH
SIM-PKH 2.4.1 - SQL Injection via media.php id Parameter
CVSS 7.1
CVE-2018-25407 HIGH
eNdonesia Portal 8.7 SQL Injection via mod.php
CVSS 8.2
CVE-2018-25406 HIGH
eNdonesia Portal 8.7 SQL Injection via mod.php
CVSS 8.2
CVE-2018-25405 HIGH
eNdonesia Portal 8.7 SQL Injection via mod.php
CVSS 8.2
CVE-2018-25404 HIGH
The Open ISES Project 3.30A SQL Injection via add_facnote.php
CVSS 8.2
CVE-2018-25403 HIGH
The Open ISES Project 3.30A SQL Injection via city_graph.php
CVSS 8.2
CVE-2018-25402 HIGH
The Open ISES Project 3.30A SQL Injection via inc_types_graph.php
CVSS 8.2
CVE-2018-25401 HIGH
The Open ISES Project 3.30A SQL Injection via sever_graph.php
CVSS 8.2
CVE-2018-25400 HIGH
The Open ISES Project 3.30A SQL Injection via form_post.php
CVSS 8.2
CVE-2018-25399 HIGH
The Open ISES Project 3.30A SQL Injection via nearby.php
CVSS 8.2
CVE-2018-25398 HIGH
The Open ISES Project 3.30A SQL Injection via main.php
CVSS 8.2
CVE-2018-25395 HIGH
Kados R10 GreenBee SQL Injection via update_feature.php
CVSS 8.2
CVE-2018-25394 HIGH
Kados R10 GreenBee SQL Injection via update_release.php
CVSS 8.2
CVE-2018-25392 HIGH
MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter
CVSS 7.1
CVE-2018-25390 HIGH
HaPe PKH 1.1 SQL Injection via desa Parameter
CVSS 8.2
CVE-2018-25389 HIGH
HaPe PKH 1.1 SQL Injection via nama_kelompok Parameter
CVSS 8.2
CVE-2018-25386 HIGH
HaPe PKH 1.1 SQL Injection via id Parameter in admin/media.php
CVSS 8.2
CVE-2018-25385 HIGH
E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai
CVSS 8.2
CVE-2018-25382 HIGH
Zechat 1.5 SQL Injection via uname Parameter
CVSS 8.2
CVE-2018-25381 HIGH
Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters
CVSS 7.1
CVE-2018-25380 HIGH
Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters
CVSS 7.1
CVE-2018-25379 HIGH
Collectric CMU 1.0 SQL Injection via lang Parameter
CVSS 8.2
CVE-2018-25372 HIGH
MedDream PACS Server Premium 6.7.1.1 SQL Injection via email
CVSS 8.2
Details
Vulnerabilities 19,852
Exploit Likelihood High