CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

CWE-943

Children

CWE-564

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (8,799)

page 28 of 440

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-9246	Cri	0.64	9.8	0.00	Jun 13, 2017	New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
CVE-2016-2034	Cri	0.64	9.8	0.00	Jun 8, 2017	SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
CVE-2017-9436	Cri	0.64	9.8	0.00	Jun 5, 2017	TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
CVE-2017-9435	Cri	0.64	9.8	0.00	Jun 5, 2017	Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
CVE-2017-9360	Cri	0.64	9.8	0.00	Jun 2, 2017	WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
CVE-2016-4905	Cri	0.64	9.8	0.02	May 22, 2017	SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-6195	Cri	0.64	9.8	0.00	May 18, 2017	Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.
CVE-2017-7886	Cri	0.64	9.8	0.00	May 10, 2017	Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
CVE-2017-8796	Cri	0.64	9.8	0.00	May 5, 2017	An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
CVE-2017-8789	Cri	0.64	9.8	0.00	May 5, 2017	An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.
CVE-2017-7991	Cri	0.64	9.8	0.01	Apr 22, 2017	Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVE-2017-7878	Cri	0.64	9.8	0.00	Apr 14, 2017	SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
CVE-2016-6818	Cri	0.64	9.8	0.02	Apr 13, 2017	SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.
CVE-2016-2566	Cri	0.64	9.8	0.01	Apr 13, 2017	Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.
CVE-2017-7628	Cri	0.64	9.8	0.00	Apr 13, 2017	The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
CVE-2017-7719	Cri	0.64	9.8	0.01	Apr 12, 2017	SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.
CVE-2017-7410	Cri	0.64	9.8	0.02	Apr 3, 2017	Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
CVE-2017-6013	Cri	0.64	9.8	0.01	Mar 27, 2017	Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
CVE-2016-9087	Cri	0.64	9.8	0.03	Mar 7, 2017	SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
CVE-2016-9020	Cri	0.64	9.8	0.03	Mar 7, 2017	SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.

CVE-2017-9246CriJun 13, 2017
risk 0.64cvss 9.8epss 0.00
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
CVE-2016-2034CriJun 8, 2017
risk 0.64cvss 9.8epss 0.00
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
CVE-2017-9436CriJun 5, 2017
risk 0.64cvss 9.8epss 0.00
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
CVE-2017-9435CriJun 5, 2017
risk 0.64cvss 9.8epss 0.00
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
CVE-2017-9360CriJun 2, 2017
risk 0.64cvss 9.8epss 0.00
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
CVE-2016-4905CriMay 22, 2017
risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-6195CriMay 18, 2017
risk 0.64cvss 9.8epss 0.00
Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.
CVE-2017-7886CriMay 10, 2017
risk 0.64cvss 9.8epss 0.00
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
CVE-2017-8796CriMay 5, 2017
risk 0.64cvss 9.8epss 0.00
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
CVE-2017-8789CriMay 5, 2017
risk 0.64cvss 9.8epss 0.00
An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.
CVE-2017-7991CriApr 22, 2017
risk 0.64cvss 9.8epss 0.01
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVE-2017-7878CriApr 14, 2017
risk 0.64cvss 9.8epss 0.00
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
CVE-2016-6818CriApr 13, 2017
risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.
CVE-2016-2566CriApr 13, 2017
risk 0.64cvss 9.8epss 0.01
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.
CVE-2017-7628CriApr 13, 2017
risk 0.64cvss 9.8epss 0.00
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
CVE-2017-7719CriApr 12, 2017
risk 0.64cvss 9.8epss 0.01
SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.
CVE-2017-7410CriApr 3, 2017
risk 0.64cvss 9.8epss 0.02
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
CVE-2017-6013CriMar 27, 2017
risk 0.64cvss 9.8epss 0.01
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
CVE-2016-9087CriMar 7, 2017
risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
CVE-2016-9020CriMar 7, 2017
risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.