CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 144 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17562 | Hig | 0.49 | 7.5 | 0.01 | Oct 3, 2018 | Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points. | ||
| CVE-2018-16384 | Hig | 0.49 | 7.5 | 0.02 | Sep 3, 2018 | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. | ||
| CVE-2017-10937 | Hig | 0.49 | 7.5 | 0.01 | Jul 25, 2018 | SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information. | ||
| CVE-2017-10936 | Hig | 0.49 | 7.5 | 0.01 | Jul 25, 2018 | SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information. | ||
| CVE-2018-1132 | Hig | 0.49 | 7.5 | 0.03 | Jun 20, 2018 | A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series… | ||
| CVE-2018-7501 | Hig | 0.49 | 7.5 | 0.02 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been… | ||
| CVE-2018-1280 | Hig | 0.49 | 7.5 | 0.02 | May 11, 2018 | Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents. | ||
| CVE-2018-8820 | Hig | 0.49 | 7.5 | 0.02 | Mar 28, 2018 | An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some… | ||
| CVE-2017-0914 | Hig | 0.49 | 7.5 | 0.01 | Mar 21, 2018 | Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database. | ||
| CVE-2017-5812 | Hig | 0.49 | 7.5 | 0.05 | Feb 15, 2018 | A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||
| CVE-2017-17567 | Hig | 0.49 | 7.5 | 0.01 | Dec 13, 2017 | Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | ||
| CVE-2017-17102 | Hig | 0.49 | 7.5 | 0.01 | Dec 4, 2017 | Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | ||
| CVE-2017-1000129 | Hig | 0.49 | 7.5 | 0.01 | Nov 17, 2017 | Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | ||
| CVE-2017-1002005 | Hig | 0.49 | 7.5 | 0.03 | Sep 14, 2017 | Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | ||
| CVE-2017-1002004 | Hig | 0.49 | 7.5 | 0.03 | Sep 14, 2017 | Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | ||
| CVE-2017-12710 | Hig | 0.49 | 7.5 | 0.02 | Aug 30, 2017 | A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | ||
| CVE-2017-1183 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. | ||
| CVE-2017-4972 | Hig | 0.49 | 7.5 | 0.01 | Jun 13, 2017 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x… | ||
| CVE-2017-7236 | Hig | 0.49 | 7.5 | 0.02 | May 26, 2017 | SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2017-7879 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2017 | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. |
- risk 0.49cvss 7.5epss 0.01
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.
- risk 0.49cvss 7.5epss 0.02
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
- risk 0.49cvss 7.5epss 0.01
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
- risk 0.49cvss 7.5epss 0.01
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
- risk 0.49cvss 7.5epss 0.03
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series…
- risk 0.49cvss 7.5epss 0.02
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been…
- risk 0.49cvss 7.5epss 0.02
Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some…
- risk 0.49cvss 7.5epss 0.01
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.
- risk 0.49cvss 7.5epss 0.05
A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- risk 0.49cvss 7.5epss 0.01
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.
- risk 0.49cvss 7.5epss 0.01
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].
- risk 0.49cvss 7.5epss 0.01
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
- risk 0.49cvss 7.5epss 0.03
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
- risk 0.49cvss 7.5epss 0.03
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
- risk 0.49cvss 7.5epss 0.02
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
- risk 0.49cvss 7.5epss 0.01
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x…
- risk 0.49cvss 7.5epss 0.02
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.49cvss 7.5epss 0.01
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.