CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (8,813)
page 335 of 441

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-4569 | | 0.03 | — | 0.00 | | Oct 15, 2008 | SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter. |
| CVE-2008-4527 | | 0.03 | — | 0.01 | | Oct 9, 2008 | SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information. |
| CVE-2008-4525 | | 0.03 | — | 0.01 | | Oct 9, 2008 | SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action. |
| CVE-2008-4524 | | 0.03 | — | 0.01 | | Oct 9, 2008 | SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. |
| CVE-2008-4523 | | 0.03 | — | 0.00 | | Oct 9, 2008 | SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter. |
| CVE-2008-4521 | | 0.03 | — | 0.00 | | Oct 9, 2008 | SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter. |
| CVE-2008-4518 | | 0.03 | — | 0.01 | | Oct 9, 2008 | Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php. |
| CVE-2008-4517 | | 0.03 | — | 0.00 | | Oct 9, 2008 | SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-4516 | | 0.03 | — | 0.00 | | Oct 9, 2008 | SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter. |
| CVE-2008-4498 | | 0.03 | — | 0.00 | | Oct 9, 2008 | SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2008-4497 | | 0.03 | — | 0.00 | | Oct 9, 2008 | SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. |
| CVE-2008-4496 | | 0.03 | — | 0.01 | | Oct 9, 2008 | SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. |
| CVE-2008-4495 | | 0.03 | — | 0.01 | | Oct 9, 2008 | SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. |
| CVE-2008-4494 | | 0.03 | — | 0.01 | | Oct 9, 2008 | SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-4492 | | 0.03 | — | 0.01 | | Oct 8, 2008 | SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie. |
| CVE-2008-4469 | | 0.03 | — | 0.00 | | Oct 7, 2008 | SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter. |
| CVE-2008-4468 | | 0.03 | — | 0.00 | | Oct 7, 2008 | SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-4467 | | 0.03 | — | 0.00 | | Oct 7, 2008 | SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-4466 | | 0.03 | — | 0.00 | | Oct 7, 2008 | SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| CVE-2008-4465 | | 0.03 | — | 0.00 | | Oct 7, 2008 | SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |