CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,855 vulnerabilities with CWE-89
CVE-2018-25163
HIGH
BitZoom 1.0 - Unauthenticated SQL Injection via rollno Parameter
CVSS 8.2
CVE-2018-25161
HIGH
Warranty Tracking System 11.06.3 - SQL Injection
CVSS 8.2
CVE-2018-25128
HIGH
SOCA Access Control System 180612 - SQL Injection
CVSS 8.2
CVE-2018-25106
MEDIUM
WordPress NebulaX Theme <5.0 - SQL Injection
CVSS 6.3
CVE-2018-25088
MEDIUM
Blue Yonder postgraas_server <2.0.0b2 - SQL Injection
CVSS 5.5
CVE-2018-25076
MEDIUM
BigTree Events Extension - SQL Injection
CVSS 5.5
CVE-2018-25075
MEDIUM
karsany OBridge <1.3 - SQL Injection
CVSS 4.6
CVE-2018-25072
MEDIUM
lojban jbovlaste < 2018-06-02 - SQL Injection in dict/listing.html
CVSS 6.3
CVE-2018-25071
MEDIUM
Roxlukas LMeve <0.1.58 - SQL Injection
CVSS 5.5
CVE-2018-25070
MEDIUM
polterguy Phosphorus Five <8.2 - SQL Injection
CVSS 5.5
CVE-2018-25067
MEDIUM
JoomGallery < 3.3.4 - SQL Injection in Image Sort Handler
CVSS 5.5
CVE-2018-25066
MEDIUM
PeterMu nodebatis <2.2.0 - SQL Injection
CVSS 5.5
CVE-2018-25057
MEDIUM
simple_php_link_shortener - SQL Injection
CVSS 5.5
CVE-2018-19952
HIGH
QNAP Music Station < 5.3.11 - SQL Injection
CVSS 7.5
CVE-2018-14502
CRITICAL
Kiboko Chained Quiz <1.0.9 - SQL Injection
CVSS 9.8
CVE-2018-16357
CRITICAL
PbootCMS - SQL Injection via api.php/Cms/search order parameter
CVSS 9.8
CVE-2018-16356
CRITICAL
PbootCMS - SQL Injection via api.php/List/index order parameter
CVSS 9.8
CVE-2018-7282
CRITICAL
TITool PrintMonitor < pm18.2.1 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2018-21022
HIGH
Centreon Web < 2.8.28 - SQL Injection via host_id Parameter
CVSS 8.8
CVE-2018-21021
HIGH
Centreon Web < 2.8.27 - SQL Injection via img_gantt.php host_id Parameter
CVSS 8.8
CVE-2018-21004
CRITICAL
rsvpmaker < 5.6.4 - SQL Injection
CVSS 9.8
CVE-2018-21003
CRITICAL
BuddyForms < 2.2.8 - SQL Injection
CVSS 9.8
CVE-2018-20887
CRITICAL
cPanel < 74.0.0 - SQL Injection during Database Backups
CVSS 9.8
CVE-2018-11774
HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection
CVSS 7.2
CVE-2018-11772
HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection via Privilege Tree Cookie
CVSS 7.2
Details
Vulnerabilities
19,855
Exploit Likelihood
High