CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,857 vulnerabilities with CWE-89
CVE-2018-5404
MEDIUM
Quest Kace K1000 <9.0.270 - Blind SQL Injection
CVSS 6.5
CVE-2018-17843
CRITICAL
ADD Clicking MLM Software <1.0 - SQL Injection
CVSS 9.8
CVE-2018-7841
CRITICAL
KEV
U.motion Builder <1.3.4 - SQL Injection
CVSS 9.8
CVE-2018-17181
CRITICAL
OpenEMR < 5.0.1.7 - SQL Injection via SaveAudit and portalAudit Functions
CVSS 9.8
CVE-2018-17179
CRITICAL
OpenEMR < 5.0.1.7 - SQL Injection via taskman.php
CVSS 9.8
CVE-2018-17048
HIGH
FDCMS 4.2 - SQL Injection in FpluginAction.class.php
CVSS 7.5
CVE-2018-18800
CRITICAL
Tubigan Welcome to our Resort 1.0 - SQL Injection via index.php or admin/login.php Parameters
CVSS 9.8
CVE-2018-16137
HIGH
IPBRICK OS 6.3 - SQL Injection
CVSS 8.8
CVE-2018-12295
CRITICAL
Seagate NAS OS <4.3.15.1 - SQL Injection
CVSS 9.8
CVE-2018-14874
HIGH
Polaris FT Intellect Core Banking 9.7.1 - SQL Injection
CVSS 8.8
CVE-2018-18285
CRITICAL
Mitel CMG Suite < 8.4 SP2 - Unauthenticated SQL Injection via Login Interface
CVSS 9.8
CVE-2018-18286
CRITICAL
Mitel CMG Suite < 8.4 SP2 - Unauthenticated SQL Injection via changepwd Interface
CVSS 9.8
CVE-2018-18251
CRITICAL
Deltek Vision 7.0-7.5 - Authenticated SQL Injection via Custom RPC over HTTP Protocol
CVSS 9.8
CVE-2018-18018
CRITICAL
Tribulant Slideshow Gallery 1.6.8 - SQL Injection via Gallery[id] or Gallery[title] Parameter
CVSS 9.8
CVE-2018-1994
MEDIUM
IBM InfoSphere Information Server <11.5/11.7 - SQL Injection
CVSS 6.3
CVE-2018-20505
HIGH
SQLite < 3.25.2 - Denial of Service via Malformed PRIMARY KEY
CVSS 7.5
CVE-2018-6330
HIGH
Laravel 5.4.15 - SQL Injection via dhx_user and dhx_version Parameters
CVSS 8.8
CVE-2018-20678
HIGH
LibreNMS < 1.47 - Authenticated SQL Injection via ajax_table.php sort[hostname] Parameter
CVSS 8.8
CVE-2018-20556
HIGH
Booking Calendar 8.4.3 - SQL Injection via booking_id Parameter
CVSS 8.8
CVE-2018-19510
CRITICAL
Webgalamb < 7.0 - SQL Injection via Client-IP HTTP Header
CVSS 9.8
CVE-2018-18798
CRITICAL
School Attendance Monitoring System 1.0 - SQL Injection via ID Parameter
CVSS 9.8
CVE-2018-17988
CRITICAL
LayerBB 1.1.1 and 1.1.3 - SQL Injection via search.php search_query Parameter
CVSS 9.8
CVE-2018-17420
HIGH
ZrLog 2.0.3 - SQL Injection via Article Management Search Keywords Parameter
CVSS 7.2
CVE-2018-17416
HIGH
zzcms v8.3 - SQL Injection via Bigclassid Parameter
CVSS 7.2
CVE-2018-17415
HIGH
zzcms V8.3 - SQL Injection via id Parameter
CVSS 8.8
Details
Vulnerabilities
19,857
Exploit Likelihood
High