CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,855 vulnerabilities with CWE-89
CVE-2018-13442
HIGH
SolarWinds Network Performance Monitor < 12.3 SQL Injection via ActiveAlertsOnThisEntity
CVSS 8.8
CVE-2018-12250
HIGH
Elite CMS Pro 2.01 - SQL Injection via Admin Add Sidebar Page Parameter
CVSS 7.2
CVE-2018-15868
CRITICAL
Chronoscan < 1.5.4.3 - Unauthenticated SQL Injection via wcr_machineid Cookie
CVSS 9.8
CVE-2018-16116
HIGH
Sophos SFOS - Authenticated SQL Injection via AccountStatus.jsp Username Parameter
CVSS 8.8
CVE-2018-15892
MEDIUM
FreePBX DISA < 13.0.6.2 - SQL Injection via hangup Variable
CVSS 4.3
CVE-2018-16251
MEDIUM
Creatiwity wityCMS 0.6.2 - SQL Injection via User Search Parameters
CVSS 4.3
CVE-2018-17388
CRITICAL
Twilio WEB To Fax Machine System 1.0 - SQL Injection
CVSS 9.8
CVE-2018-17386
CRITICAL
Micro Deal Factory 2.4.0 - SQL Injection
CVSS 9.8
CVE-2018-17381
CRITICAL
Dutch Auction Factory 2.0.2 - SQL Injection
CVSS 9.8
CVE-2018-17374
CRITICAL
Auction Factory 4.5.5 - SQL Injection
CVSS 9.8
CVE-2018-17842
CRITICAL
Scriptzee Hotel Booking Engine 1.0 - SQL Injection
CVSS 9.8
CVE-2018-17841
CRITICAL
Scriptzee Flippa Marketplace Clone 1.0 - SQL Injection
CVSS 9.8
CVE-2018-17840
CRITICAL
Scriptzee Education Website 1.0 - SQL Injection
CVSS 9.8
CVE-2018-17399
CRITICAL
jimtawl 2.2.7 - SQL Injection via id Parameter
CVSS 9.8
CVE-2018-17398
CRITICAL
arenam AMGallery 1.2.3 - SQL Injection via filter_category_id Parameter
CVSS 9.8
CVE-2018-17393
CRITICAL
HealthNode Hospital Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2018-18758
CRITICAL
Open Faculty Evaluation System 7 - SQL Injection via submit_feedback.php
CVSS 9.8
CVE-2018-18757
CRITICAL
Open Faculty Evaluation System 5.6 - SQL Injection via submit_feedback.php
CVSS 9.8
CVE-2018-20469
CRITICAL
Sahi Pro < 8.0.0 - SQL Injection via Web Reports Module Parameter
CVSS 9.8
CVE-2018-11801
CRITICAL
Apache Fineract <1.3.0 - SQL Injection
CVSS 9.8
CVE-2018-11800
CRITICAL
Apache Fineract <1.3.0 - SQL Injection
CVSS 9.8
CVE-2018-19462
HIGH
EmpireCMS < 7.5.0 - Remote Code Execution via SQL Injection in SELECT INTO OUTFILE
CVSS 7.2
CVE-2018-20091
CRITICAL
Cloudera Data Science Workbench <1.4.2 - SQL Injection
CVSS 9.9
CVE-2018-5404
MEDIUM
Quest Kace K1000 <9.0.270 - Blind SQL Injection
CVSS 6.5
CVE-2018-17843
CRITICAL
ADD Clicking MLM Software <1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,855
Exploit Likelihood
High