VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Abstraction: Base · Status: Stable · Likelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 35 of 512
  • CVE-2019-12149 · Critical · Jun 11, 2019
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands.

  • CVE-2017-14851 · Critical · Jun 3, 2019
    risk 0.64 · cvss 9.8 · epss 0.04

    A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.

  • CVE-2019-5715 · Critical · Apr 11, 2019
    risk 0.64 · cvss 9.8 · epss 0.02

    All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject.

  • CVE-2018-16809 · Critical · Mar 7, 2019
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.

  • CVE-2019-6798 · Critical · Jan 26, 2019
    risk 0.64 · cvss 9.8 · epss 0.04

    An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

  • CVE-2018-18530 · Critical · Oct 19, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.

  • CVE-2018-18529 · Critical · Oct 19, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.

  • CVE-2018-18200 · Critical · Oct 9, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.

  • CVE-2018-18084 · Critical · Oct 9, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.

  • CVE-2018-18075 · Critical · Oct 9, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.

  • CVE-2018-12470 · Critical · Oct 4, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

  • CVE-2018-17852 · Critical · Oct 1, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.

  • CVE-2018-17831 · Critical · Oct 1, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list…

  • CVE-2018-17796 · Critical · Sep 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the…

  • CVE-2018-17575 · Critical · Sep 28, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter.

  • CVE-2018-14956 · Critical · Sep 28, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.

  • CVE-2018-17566 · Critical · Sep 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.

  • CVE-2018-17410 · Critical · Sep 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.

  • CVE-2015-8298 · Critical · Sep 24, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to…

  • CVE-2018-16822 · Critical · Sep 21, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.