VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Abstraction: Base · Status: Stable · Likelihood of exploit: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
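The failure the description names, and its fix, in runnable form. This is an added example written for this page, not code from any product listed below; the users table, the "activation" lookup and the by-id lookup are constructed to mirror the parameter names in the entries that follow and are not taken from any of those code bases. It also shows why quote-escaping alone is not a fix: in a numeric context the attacker never needs a quote character, which is the general shape of the "incorrect quoting" failures seen in driver-level entries such as the ADOdb qstr one.

```python
import sqlite3


def make_db():
    # Constructed sample data, not from any real product: three users with
    # an activation token each.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, activation TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, activation) VALUES (?, ?)",
        [("alice", "tok-a1"), ("bob", "tok-b2"), ("carol", "tok-c3")],
    )
    return conn


def activate_vulnerable(conn, activation):
    # CWE-89: the externally supplied value is spliced into the SQL text, so a
    # quote character inside it closes the literal and the rest is parsed as SQL.
    sql = "SELECT id, name FROM users WHERE activation = '" + activation + "'"
    return conn.execute(sql).fetchall()


def activate_fixed(conn, activation):
    # Parameter binding: the value travels as data and is never parsed as SQL,
    # so "' OR '1'='1" simply fails to match any token.
    return conn.execute(
        "SELECT id, name FROM users WHERE activation = ?", (activation,)
    ).fetchall()


def by_id_escaped_only(conn, id_value):
    # A common but incomplete mitigation: double up single quotes, then
    # interpolate. In an unquoted numeric context the payload "1 OR 1=1"
    # contains no quote at all, so the escaping changes nothing.
    escaped = id_value.replace("'", "''")
    sql = "SELECT id, name FROM users WHERE id = " + escaped
    return conn.execute(sql).fetchall()


def by_id_fixed(conn, id_value):
    # Validate the type first, then bind. Anything that is not a plain
    # non-negative integer string is rejected before it reaches the database.
    if not id_value.isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute(
        "SELECT id, name FROM users WHERE id = ?", (int(id_value),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("normal lookup      :", activate_vulnerable(db, "tok-a1"))
    print("vulnerable + payload:", activate_vulnerable(db, "' OR '1'='1"))
    print("fixed + payload     :", activate_fixed(db, "' OR '1'='1"))
    print("escaped-only + 1 OR 1=1:", by_id_escaped_only(db, "1 OR 1=1"))
```

The two failing variants return every row for a payload that should match nothing; the two fixed variants either return nothing or refuse the input before any SQL is built. The same pattern applies to every entry below, whatever the parameter name.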

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (8,799)

page 30 of 440
  • CVE-2017-5574 · Critical · Jan 23, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.

  • CVE-2017-5519 · Critical · Jan 17, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2017-5517 · Critical · Jan 17, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.

  • CVE-2016-10114 · Critical · Jan 4, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.

  • CVE-2016-2355 · Critical · Dec 19, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.

  • CVE-2016-9481 · Critical · Nov 29, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentController controller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.

  • CVE-2016-9287 · Critical · Nov 15, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.

  • CVE-2016-8902 · Critical · Nov 14, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote unauthenticated attackers to execute arbitrary SQL commands via the sort parameter.

  • CVE-2016-9288 · Critical · Nov 11, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of the function "DragnDropReRank" is used directly without any filtering, which causes SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.

  • CVE-2016-7453 · Critical · Nov 3, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.

  • CVE-2016-1000113 · Critical · Oct 6, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    XSS and SQLi in huge IT gallery v1.1.5 for Joomla

  • CVE-2015-1000011 · Critical · Oct 6, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.06

    Blind SQL Injection in wordpress plugin dukapress v2.5.9

  • CVE-2015-1000003 · Critical · Oct 6, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.06

    Blind SQL Injection in filedownload v1.4 wordpress plugin

  • CVE-2016-7405 · Critical · Oct 3, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    The qstr method in the PDO driver in the ADOdb Library for PHP 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

  • CVE-2016-5048 · Critical · Aug 26, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.

  • CVE-2016-5817 · Critical · Aug 22, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-5792 · Critical · Aug 8, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.

  • CVE-2016-4999 · Critical · Aug 5, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.07

    SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.

  • CVE-2016-4837 · Critical · Aug 1, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-4522 · Critical · Jul 28, 2016
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.