CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,852 vulnerabilities with CWE-89
CVE-2018-25202 HIGH
SAT CFDI 3.3 SQL Injection via signIn endpoint
CVSS 8.2
CVE-2018-25201 HIGH
School Management System CMS 1.0 Admin Login SQL Injection
CVSS 7.1
CVE-2018-25195 HIGH
Wecodex Hotel CMS 1.0 SQL Injection via Admin Login
CVSS 8.2
CVE-2018-25185 HIGH
Wecodex Restaurant CMS 1.0 SQL Injection via Login
CVSS 8.2
CVE-2018-25183 HIGH
Shipping System CMS 1.0 SQL Injection via admin login
CVSS 8.2
CVE-2018-25199 HIGH
OOP CMS BLOG 1.0 - Unauthenticated SQL Injection via Search Parameter
CVSS 8.2
CVE-2018-25197 HIGH
PlayJoom 0.10.1 - Unauthenticated SQL Injection via catid Parameter
CVSS 8.2
CVE-2018-25196 HIGH
ServerZilla 1.0 - Unauthenticated SQL Injection via Email Parameter
CVSS 8.2
CVE-2018-25192 HIGH
GPS Tracking System 2.12 - SQL Injection
CVSS 8.2
CVE-2018-25191 HIGH
Facturation System 1.0 - SQL Injection
CVSS 7.1
CVE-2018-25189 HIGH
Data Center Audit 2.6.2 - SQL Injection
CVSS 8.2
CVE-2018-25188 HIGH
Webiness Inventory 2.3 - SQL Injection
CVSS 8.2
CVE-2018-25187 HIGH
Tina4 Stack 1.0.3 - Unauthenticated SQL Injection and Database File Download via Menu Endpoint
CVSS 8.2
CVE-2018-25182 HIGH
Silurus Classifieds Script 2.0 - SQL Injection
CVSS 8.2
CVE-2018-25180 HIGH
Maitra 1.7.2 - Authenticated SQL Injection via Mailid Parameter
CVSS 7.1
CVE-2018-25179 HIGH
Gumbo CMS 0.99 - Unauthenticated SQL Injection via Settings Endpoint Language Parameter
CVSS 8.2
CVE-2018-25175 HIGH
Alienor Web Libre 2.0 - SQL Injection
CVSS 8.2
CVE-2018-25173 HIGH
Rmedia SMS 1.0 - Unauthenticated SQL Injection via editgrp.php gid Parameter
CVSS 8.2
CVE-2018-25172 HIGH
Pedidos 1.0 - Unauthenticated SQL Injection via 'q' Parameter in load_proveedores.php
CVSS 8.2
CVE-2018-25167 HIGH
Net-Billetterie 2.9 - SQL Injection
CVSS 8.2
CVE-2018-25166 HIGH
Meneame English Pligg 5.8 - SQL Injection
CVSS 8.2
CVE-2018-25165 HIGH
Galaxy Forces MMORPG 0.5.8 - SQL Injection
CVSS 7.1
CVE-2018-25163 HIGH
BitZoom 1.0 - Unauthenticated SQL Injection via rollno Parameter
CVSS 8.2
CVE-2018-25161 HIGH
Warranty Tracking System 11.06.3 - SQL Injection
CVSS 8.2
CVE-2018-25128 HIGH
SOCA Access Control System 180612 - SQL Injection
CVSS 8.2
Details
Vulnerabilities 19,852
Exploit Likelihood High