CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,855 vulnerabilities with CWE-89
CVE-2018-13442 HIGH
SolarWinds Network Performance Monitor < 12.3 SQL Injection via ActiveAlertsOnThisEntity
CVSS 8.8
CVE-2018-12250 HIGH
Elite CMS Pro 2.01 - SQL Injection via Admin Add Sidebar Page Parameter
CVSS 7.2
CVE-2018-15868 CRITICAL
Chronoscan < 1.5.4.3 - Unauthenticated SQL Injection via wcr_machineid Cookie
CVSS 9.8
CVE-2018-16116 HIGH
Sophos SFOS - Authenticated SQL Injection via AccountStatus.jsp Username Parameter
CVSS 8.8
CVE-2018-15892 MEDIUM
FreePBX DISA < 13.0.6.2 - SQL Injection via hangup Variable
CVSS 4.3
CVE-2018-16251 MEDIUM
Creatiwity wityCMS 0.6.2 - SQL Injection via User Search Parameters
CVSS 4.3
CVE-2018-17388 CRITICAL
Twilio WEB To Fax Machine System 1.0 - SQL Injection
CVSS 9.8
CVE-2018-17386 CRITICAL
Micro Deal Factory 2.4.0 - SQL Injection
CVSS 9.8
CVE-2018-17381 CRITICAL
Dutch Auction Factory 2.0.2 - SQL Injection
CVSS 9.8
CVE-2018-17374 CRITICAL
Auction Factory 4.5.5 - SQL Injection
CVSS 9.8
CVE-2018-17842 CRITICAL
Scriptzee Hotel Booking Engine 1.0 - SQL Injection
CVSS 9.8
CVE-2018-17841 CRITICAL
Scriptzee Flippa Marketplace Clone 1.0 - SQL Injection
CVSS 9.8
CVE-2018-17840 CRITICAL
Scriptzee Education Website 1.0 - SQL Injection
CVSS 9.8
CVE-2018-17399 CRITICAL
jimtawl 2.2.7 - SQL Injection via id Parameter
CVSS 9.8
CVE-2018-17398 CRITICAL
arenam AMGallery 1.2.3 - SQL Injection via filter_category_id Parameter
CVSS 9.8
CVE-2018-17393 CRITICAL
HealthNode Hospital Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2018-18758 CRITICAL
Open Faculty Evaluation System 7 - SQL Injection via submit_feedback.php
CVSS 9.8
CVE-2018-18757 CRITICAL
Open Faculty Evaluation System 5.6 - SQL Injection via submit_feedback.php
CVSS 9.8
CVE-2018-20469 CRITICAL
Sahi Pro < 8.0.0 - SQL Injection via Web Reports Module Parameter
CVSS 9.8
CVE-2018-11801 CRITICAL
Apache Fineract <1.3.0 - SQL Injection
CVSS 9.8
CVE-2018-11800 CRITICAL
Apache Fineract <1.3.0 - SQL Injection
CVSS 9.8
CVE-2018-19462 HIGH
EmpireCMS < 7.5.0 - Remote Code Execution via SQL Injection in SELECT INTO OUTFILE
CVSS 7.2
CVE-2018-20091 CRITICAL
Cloudera Data Science Workbench <1.4.2 - SQL Injection
CVSS 9.9
CVE-2018-5404 MEDIUM
Quest Kace K1000 <9.0.270 - Blind SQL Injection
CVSS 6.5
CVE-2018-17843 CRITICAL
ADD Clicking MLM Software <1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,855
Exploit Likelihood High