CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,855 vulnerabilities with CWE-89
CVE-2018-25163 HIGH
BitZoom 1.0 - Unauthenticated SQL Injection via rollno Parameter
CVSS 8.2
CVE-2018-25161 HIGH
Warranty Tracking System 11.06.3 - SQL Injection
CVSS 8.2
CVE-2018-25128 HIGH
SOCA Access Control System 180612 - SQL Injection
CVSS 8.2
CVE-2018-25106 MEDIUM
WordPress NebulaX Theme <5.0 - SQL Injection
CVSS 6.3
CVE-2018-25088 MEDIUM
Blue Yonder postgraas_server <2.0.0b2 - SQL Injection
CVSS 5.5
CVE-2018-25076 MEDIUM
BigTree Events Extension - SQL Injection
CVSS 5.5
CVE-2018-25075 MEDIUM
karsany OBridge <1.3 - SQL Injection
CVSS 4.6
CVE-2018-25072 MEDIUM
lojban jbovlaste < 2018-06-02 - SQL Injection in dict/listing.html
CVSS 6.3
CVE-2018-25071 MEDIUM
Roxlukas LMeve <0.1.58 - SQL Injection
CVSS 5.5
CVE-2018-25070 MEDIUM
polterguy Phosphorus Five <8.2 - SQL Injection
CVSS 5.5
CVE-2018-25067 MEDIUM
JoomGallery < 3.3.4 - SQL Injection in Image Sort Handler
CVSS 5.5
CVE-2018-25066 MEDIUM
PeterMu nodebatis <2.2.0 - SQL Injection
CVSS 5.5
CVE-2018-25057 MEDIUM
simple_php_link_shortener - SQL Injection
CVSS 5.5
CVE-2018-19952 HIGH
QNAP Music Station < 5.3.11 - SQL Injection
CVSS 7.5
CVE-2018-14502 CRITICAL
Kiboko Chained Quiz <1.0.9 - SQL Injection
CVSS 9.8
CVE-2018-16357 CRITICAL
PbootCMS - SQL Injection via api.php/Cms/search order parameter
CVSS 9.8
CVE-2018-16356 CRITICAL
PbootCMS - SQL Injection via api.php/List/index order parameter
CVSS 9.8
CVE-2018-7282 CRITICAL
TITool PrintMonitor < pm18.2.1 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2018-21022 HIGH
Centreon Web < 2.8.28 - SQL Injection via host_id Parameter
CVSS 8.8
CVE-2018-21021 HIGH
Centreon Web < 2.8.27 - SQL Injection via img_gantt.php host_id Parameter
CVSS 8.8
CVE-2018-21004 CRITICAL
rsvpmaker < 5.6.4 - SQL Injection
CVSS 9.8
CVE-2018-21003 CRITICAL
BuddyForms < 2.2.8 - SQL Injection
CVSS 9.8
CVE-2018-20887 CRITICAL
cPanel < 74.0.0 - SQL Injection during Database Backups
CVSS 9.8
CVE-2018-11774 HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection
CVSS 7.2
CVE-2018-11772 HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection via Privilege Tree Cookie
CVSS 7.2
Details
Vulnerabilities 19,855
Exploit Likelihood High