CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,852 vulnerabilities with CWE-89
CVE-2018-25202
HIGH
SAT CFDI 3.3 SQL Injection via signIn endpoint
CVSS 8.2
CVE-2018-25201
HIGH
School Management System CMS 1.0 Admin Login SQL Injection
CVSS 7.1
CVE-2018-25195
HIGH
Wecodex Hotel CMS 1.0 SQL Injection via Admin Login
CVSS 8.2
CVE-2018-25185
HIGH
Wecodex Restaurant CMS 1.0 SQL Injection via Login
CVSS 8.2
CVE-2018-25183
HIGH
Shipping System CMS 1.0 SQL Injection via admin login
CVSS 8.2
CVE-2018-25199
HIGH
OOP CMS BLOG 1.0 - Unauthenticated SQL Injection via Search Parameter
CVSS 8.2
CVE-2018-25197
HIGH
PlayJoom 0.10.1 - Unauthenticated SQL Injection via catid Parameter
CVSS 8.2
CVE-2018-25196
HIGH
ServerZilla 1.0 - Unauthenticated SQL Injection via Email Parameter
CVSS 8.2
CVE-2018-25192
HIGH
GPS Tracking System 2.12 - SQL Injection
CVSS 8.2
CVE-2018-25191
HIGH
Facturation System 1.0 - SQL Injection
CVSS 7.1
CVE-2018-25189
HIGH
Data Center Audit 2.6.2 - SQL Injection
CVSS 8.2
CVE-2018-25188
HIGH
Webiness Inventory 2.3 - SQL Injection
CVSS 8.2
CVE-2018-25187
HIGH
Tina4 Stack 1.0.3 - Unauthenticated SQL Injection and Database File Download via Menu Endpoint
CVSS 8.2
CVE-2018-25182
HIGH
Silurus Classifieds Script 2.0 - SQL Injection
CVSS 8.2
CVE-2018-25180
HIGH
Maitra 1.7.2 - Authenticated SQL Injection via Mailid Parameter
CVSS 7.1
CVE-2018-25179
HIGH
Gumbo CMS 0.99 - Unauthenticated SQL Injection via Settings Endpoint Language Parameter
CVSS 8.2
CVE-2018-25175
HIGH
Alienor Web Libre 2.0 - SQL Injection
CVSS 8.2
CVE-2018-25173
HIGH
Rmedia SMS 1.0 - Unauthenticated SQL Injection via editgrp.php gid Parameter
CVSS 8.2
CVE-2018-25172
HIGH
Pedidos 1.0 - Unauthenticated SQL Injection via 'q' Parameter in load_proveedores.php
CVSS 8.2
CVE-2018-25167
HIGH
Net-Billetterie 2.9 - SQL Injection
CVSS 8.2
CVE-2018-25166
HIGH
Meneame English Pligg 5.8 - SQL Injection
CVSS 8.2
CVE-2018-25165
HIGH
Galaxy Forces MMORPG 0.5.8 - SQL Injection
CVSS 7.1
CVE-2018-25163
HIGH
BitZoom 1.0 - Unauthenticated SQL Injection via rollno Parameter
CVSS 8.2
CVE-2018-25161
HIGH
Warranty Tracking System 11.06.3 - SQL Injection
CVSS 8.2
CVE-2018-25128
HIGH
SOCA Access Control System 180612 - SQL Injection
CVSS 8.2
Details
Vulnerabilities
19,852
Exploit Likelihood
High