CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2018-25371 HIGH
mooSocial Store Plugin 2.6 SQL Injection via product parameter
CVSS 8.2
CVE-2018-25364 HIGH
Twitter-Clone 1 SQL Injection via search.php
CVSS 8.2
CVE-2018-25362 HIGH
Twitter-Clone 1 SQL Injection via follow.php
CVSS 8.2
CVE-2018-25352 HIGH
WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id
CVSS 7.1
CVE-2018-25351 HIGH
Joomla! Component EkRishta 2.10 SQL Injection via username
CVSS 8.2
CVE-2018-25348 HIGH
Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
CVSS 8.2
CVE-2018-25347 HIGH
WordPress Contact Form Maker Plugin 1.12.20 SQL Injection
CVSS 7.1
CVE-2018-25346 HIGH
WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php
CVSS 7.1
CVE-2018-25342 HIGH
Smartshop 1 SQL Injection via search.php
CVSS 8.2
CVE-2018-25341 HIGH
Smartshop 1 SQL Injection via product.php id Parameter
CVSS 8.2
CVE-2018-25340 HIGH
Smartshop 1 SQL Injection via category.php
CVSS 8.2
CVE-2018-25339 HIGH
Zechat 1.5 SQL Injection via v parameter (time-based blind)
CVSS 8.2
CVE-2018-25338 HIGH
Zechat 1.5 SQL Injection via hashtag parameter
CVSS 8.2
CVE-2018-25333 HIGH
Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection
CVSS 8.2
CVE-2018-25330 HIGH
Joomla! EkRishta 2.10 Persistent XSS and SQL Injection
CVSS 8.2
CVE-2018-25319 HIGH
Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php
CVSS 7.1
CVE-2018-25300 HIGH
XATABoost CMS 1.0.0 SQL Injection via news.php
CVSS 8.2
CVE-2018-25257 HIGH
Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile
CVSS 7.1
CVE-2018-25209 HIGH
OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter
CVSS 8.2
CVE-2018-25208 HIGH
qdPM 9.1 SQL Injection via filter_by Parameters
CVSS 8.2
CVE-2018-25207 HIGH
Online Quiz Maker 1.0 SQL Injection via catid Parameter
CVSS 7.1
CVE-2018-25206 HIGH
KomSeo Cart 1.3 SQL Injection via edit.php
CVSS 8.2
CVE-2018-25205 HIGH
ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter
CVSS 8.2
CVE-2018-25204 HIGH
Library CMS 1.0 SQL Injection via admin login
CVSS 8.2
CVE-2018-25203 HIGH
Online Store System CMS 1.0 SQL Injection via clientaccess
CVSS 8.2
Details
Vulnerabilities 19,852
Exploit Likelihood High