CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2018-25371
HIGH
mooSocial Store Plugin 2.6 SQL Injection via product parameter
CVSS 8.2
CVE-2018-25364
HIGH
Twitter-Clone 1 SQL Injection via search.php
CVSS 8.2
CVE-2018-25362
HIGH
Twitter-Clone 1 SQL Injection via follow.php
CVSS 8.2
CVE-2018-25352
HIGH
WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id
CVSS 7.1
CVE-2018-25351
HIGH
Joomla! Component EkRishta 2.10 SQL Injection via username
CVSS 8.2
CVE-2018-25348
HIGH
Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
CVSS 8.2
CVE-2018-25347
HIGH
WordPress Contact Form Maker Plugin 1.12.20 SQL Injection
CVSS 7.1
CVE-2018-25346
HIGH
WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php
CVSS 7.1
CVE-2018-25342
HIGH
Smartshop 1 SQL Injection via search.php
CVSS 8.2
CVE-2018-25341
HIGH
Smartshop 1 SQL Injection via product.php id Parameter
CVSS 8.2
CVE-2018-25340
HIGH
Smartshop 1 SQL Injection via category.php
CVSS 8.2
CVE-2018-25339
HIGH
Zechat 1.5 SQL Injection via v parameter (time-based blind)
CVSS 8.2
CVE-2018-25338
HIGH
Zechat 1.5 SQL Injection via hashtag parameter
CVSS 8.2
CVE-2018-25333
HIGH
Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection
CVSS 8.2
CVE-2018-25330
HIGH
Joomla! EkRishta 2.10 Persistent XSS and SQL Injection
CVSS 8.2
CVE-2018-25319
HIGH
Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php
CVSS 7.1
CVE-2018-25300
HIGH
XATABoost CMS 1.0.0 SQL Injection via news.php
CVSS 8.2
CVE-2018-25257
HIGH
Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile
CVSS 7.1
CVE-2018-25209
HIGH
OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter
CVSS 8.2
CVE-2018-25208
HIGH
qdPM 9.1 SQL Injection via filter_by Parameters
CVSS 8.2
CVE-2018-25207
HIGH
Online Quiz Maker 1.0 SQL Injection via catid Parameter
CVSS 7.1
CVE-2018-25206
HIGH
KomSeo Cart 1.3 SQL Injection via edit.php
CVSS 8.2
CVE-2018-25205
HIGH
ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter
CVSS 8.2
CVE-2018-25204
HIGH
Library CMS 1.0 SQL Injection via admin login
CVSS 8.2
CVE-2018-25203
HIGH
Online Store System CMS 1.0 SQL Injection via clientaccess
CVSS 8.2
Details
Vulnerabilities
19,852
Exploit Likelihood
High