CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (12,807)
page 315 of 641| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2062 | Hig | 0.47 | 7.2 | 0.02 | Feb 8, 2020 | Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to… | ||
| CVE-2019-15985 | Hig | 0.47 | 7.2 | 0.03 | Jan 6, 2020 | Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative… | ||
| CVE-2019-20337 | Hig | 0.47 | 7.2 | 0.01 | Jan 5, 2020 | In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. | ||
| CVE-2019-19732 | Hig | 0.47 | 7.2 | 0.01 | Dec 30, 2019 | translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically… | ||
| CVE-2019-6012 | Hig | 0.47 | 7.2 | 0.01 | Dec 26, 2019 | SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2019-19850 | — | Hig | 0.47 | 7.2 | 0.01 | Dec 17, 2019 | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed,… | |
| CVE-2019-18646 | Hig | 0.47 | 7.2 | 0.01 | Nov 14, 2019 | The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | ||
| CVE-2019-17612 | Hig | 0.47 | 7.2 | 0.01 | Oct 15, 2019 | An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter. | ||
| CVE-2015-9462 | Hig | 0.47 | 7.2 | 0.02 | Oct 10, 2019 | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. | ||
| CVE-2015-9461 | Hig | 0.47 | 7.2 | 0.02 | Oct 10, 2019 | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. | ||
| CVE-2015-9458 | Hig | 0.47 | 7.2 | 0.02 | Oct 10, 2019 | The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. | ||
| CVE-2015-9457 | Hig | 0.47 | 7.2 | 0.02 | Oct 10, 2019 | The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter. | ||
| CVE-2019-17419 | Hig | 0.47 | 7.2 | 0.01 | Oct 10, 2019 | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter. | ||
| CVE-2019-17370 | Hig | 0.47 | 7.2 | 0.02 | Oct 9, 2019 | OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file. | ||
| CVE-2019-17292 | Hig | 0.47 | 7.2 | 0.01 | Oct 7, 2019 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. | ||
| CVE-2015-9449 | Hig | 0.47 | 7.2 | 0.02 | Sep 26, 2019 | The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | ||
| CVE-2015-9399 | Hig | 0.47 | 7.2 | 0.02 | Sep 20, 2019 | The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | ||
| CVE-2019-4147 | Hig | 0.47 | 7.2 | 0.01 | Sep 16, 2019 | IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. | ||
| CVE-2016-10951 | Hig | 0.47 | 7.2 | 0.02 | Sep 13, 2019 | The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | ||
| CVE-2016-10947 | Hig | 0.47 | 7.2 | 0.02 | Sep 13, 2019 | The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. |
- risk 0.47cvss 7.2epss 0.02
Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to…
- risk 0.47cvss 7.2epss 0.03
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative…
- risk 0.47cvss 7.2epss 0.01
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.
- risk 0.47cvss 7.2epss 0.01
translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically…
- risk 0.47cvss 7.2epss 0.01
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed,…
- risk 0.47cvss 7.2epss 0.01
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.
- risk 0.47cvss 7.2epss 0.02
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
- risk 0.47cvss 7.2epss 0.02
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
- risk 0.47cvss 7.2epss 0.02
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
- risk 0.47cvss 7.2epss 0.02
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.
- risk 0.47cvss 7.2epss 0.02
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file.
- risk 0.47cvss 7.2epss 0.01
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.
- risk 0.47cvss 7.2epss 0.02
The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
- risk 0.47cvss 7.2epss 0.02
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.
- risk 0.47cvss 7.2epss 0.01
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
- risk 0.47cvss 7.2epss 0.02
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
- risk 0.47cvss 7.2epss 0.02
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.