CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,857 vulnerabilities with CWE-89
CVE-2018-5404 MEDIUM
Quest Kace K1000 <9.0.270 - Blind SQL Injection
CVSS 6.5
CVE-2018-17843 CRITICAL
ADD Clicking MLM Software <1.0 - SQL Injection
CVSS 9.8
CVE-2018-7841 CRITICAL KEV
U.motion Builder <1.3.4 - SQL Injection
CVSS 9.8
CVE-2018-17181 CRITICAL
OpenEMR < 5.0.1.7 - SQL Injection via SaveAudit and portalAudit Functions
CVSS 9.8
CVE-2018-17179 CRITICAL
OpenEMR < 5.0.1.7 - SQL Injection via taskman.php
CVSS 9.8
CVE-2018-17048 HIGH
FDCMS 4.2 - SQL Injection in FpluginAction.class.php
CVSS 7.5
CVE-2018-18800 CRITICAL
Tubigan Welcome to our Resort 1.0 - SQL Injection via index.php or admin/login.php Parameters
CVSS 9.8
CVE-2018-16137 HIGH
IPBRICK OS 6.3 - SQL Injection
CVSS 8.8
CVE-2018-12295 CRITICAL
Seagate NAS OS <4.3.15.1 - SQL Injection
CVSS 9.8
CVE-2018-14874 HIGH
Polaris FT Intellect Core Banking 9.7.1 - SQL Injection
CVSS 8.8
CVE-2018-18285 CRITICAL
Mitel CMG Suite < 8.4 SP2 - Unauthenticated SQL Injection via Login Interface
CVSS 9.8
CVE-2018-18286 CRITICAL
Mitel CMG Suite < 8.4 SP2 - Unauthenticated SQL Injection via changepwd Interface
CVSS 9.8
CVE-2018-18251 CRITICAL
Deltek Vision 7.0-7.5 - Authenticated SQL Injection via Custom RPC over HTTP Protocol
CVSS 9.8
CVE-2018-18018 CRITICAL
Tribulant Slideshow Gallery 1.6.8 - SQL Injection via Gallery[id] or Gallery[title] Parameter
CVSS 9.8
CVE-2018-1994 MEDIUM
IBM InfoSphere Information Server <11.5/11.7 - SQL Injection
CVSS 6.3
CVE-2018-20505 HIGH
SQLite < 3.25.2 - Denial of Service via Malformed PRIMARY KEY
CVSS 7.5
CVE-2018-6330 HIGH
Laravel 5.4.15 - SQL Injection via dhx_user and dhx_version Parameters
CVSS 8.8
CVE-2018-20678 HIGH
LibreNMS < 1.47 - Authenticated SQL Injection via ajax_table.php sort[hostname] Parameter
CVSS 8.8
CVE-2018-20556 HIGH
Booking Calendar 8.4.3 - SQL Injection via booking_id Parameter
CVSS 8.8
CVE-2018-19510 CRITICAL
Webgalamb < 7.0 - SQL Injection via Client-IP HTTP Header
CVSS 9.8
CVE-2018-18798 CRITICAL
School Attendance Monitoring System 1.0 - SQL Injection via ID Parameter
CVSS 9.8
CVE-2018-17988 CRITICAL
LayerBB 1.1.1 and 1.1.3 - SQL Injection via search.php search_query Parameter
CVSS 9.8
CVE-2018-17420 HIGH
ZrLog 2.0.3 - SQL Injection via Article Management Search Keywords Parameter
CVSS 7.2
CVE-2018-17416 HIGH
zzcms v8.3 - SQL Injection via Bigclassid Parameter
CVSS 7.2
CVE-2018-17415 HIGH
zzcms V8.3 - SQL Injection via id Parameter
CVSS 8.8
Details
Vulnerabilities 19,857
Exploit Likelihood High