CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
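The three injection contexts that recur in the CVE list below (a quoted string in a login query, an unquoted "integer" parameter, and a sort/order column name) each need a different fix. The following Python/SQLite script is an added example written for this page; it is not code from the CWE entry or from any product listed on it, and its tables, rows, and parameter names (users, expense_lines, qty, order) are constructed for the demo only.

```python
"""Added example (not from the CWE entry or any listed product): three shapes of
CWE-89 on an in-memory SQLite database, each beside its fix.

Assumptions (constructed for this demo): the tables, rows and parameter names
are made up; 'qty' and 'order' merely echo the kinds of parameters the CVE
descriptions on this page mention."""
import sqlite3

ORDERABLE_COLUMNS = {"id", "username"}  # allow-list for ORDER BY


def make_db():
    """Constructed sample data; nothing here comes from a real product."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'hunter2'), (2, 'alice', 'wonderland');
        CREATE TABLE expense_lines (id INTEGER PRIMARY KEY, qty INTEGER, value_unit REAL);
        INSERT INTO expense_lines VALUES (1, 2, 10.0), (2, 5, 3.5);
    """)
    return conn


# 1. Quoted string context (login form). Input lands inside '...'; a single
#    quote closes the literal and '--' comments out the password check.
def login_vulnerable(conn, username, password):
    sql = f"SELECT id FROM users WHERE username = '{username}' AND password = '{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    # Bound parameters: the driver sends values separately from the SQL text,
    # so a quote in the input can never change the statement's structure.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# 2. Unquoted numeric context. No quote character is needed at all:
#    "0 OR 1=1" is valid SQL exactly where an integer was expected.
def lines_with_qty_vulnerable(conn, qty):
    sql = f"SELECT id FROM expense_lines WHERE qty = {qty}"
    return [r[0] for r in conn.execute(sql)]


def lines_with_qty_fixed(conn, qty):
    qty = int(qty)  # type enforcement: anything non-integer raises ValueError
    sql = "SELECT id FROM expense_lines WHERE qty = ?"
    return [r[0] for r in conn.execute(sql, (qty,))]


# 3. Identifier context (ORDER BY). Placeholders cannot carry a column name,
#    so the fix is an allow-list, not escaping. A CASE expression injected
#    here turns row order into a one-bit oracle about hidden data.
def users_sorted_vulnerable(conn, order):
    sql = f"SELECT id FROM users ORDER BY {order}"
    return [r[0] for r in conn.execute(sql)]


def users_sorted_fixed(conn, order):
    if order not in ORDERABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {order!r}")
    return [r[0] for r in conn.execute(f"SELECT id FROM users ORDER BY {order}")]


def password_starts_with(conn, prefix):
    """Blind inference through the vulnerable sort: ascending id order means
    the CASE branch was true, i.e. the admin password begins with `prefix`."""
    probe = ("CASE WHEN (SELECT password FROM users WHERE username='admin') "
             f"LIKE '{prefix}%' THEN id ELSE -id END")
    return users_sorted_vulnerable(conn, probe) == [1, 2]


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin' --", "x"))      # 1: authentication bypass
    print(login_fixed(db, "admin' --", "x"))           # None
    print(lines_with_qty_vulnerable(db, "0 OR 1=1"))   # [1, 2]: whole table
    print(password_starts_with(db, "h"))               # True: one bit leaked
```

The practical check when reviewing code against this weakness: every place user input reaches SQL should be classified as value, identifier, or keyword position. Values go through bound parameters; identifiers and keywords (column names, sort direction, table names) go through an allow-list; and "numeric" parameters are only safe once the code has actually enforced the type, since the absence of quotes around them removes the one character an escaping routine would have caught.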
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-66 (SQL Injection) · CAPEC-7 (Blind SQL Injection) · CAPEC-108 (Command Line Execution through SQL Injection) · CAPEC-109 (Object Relational Mapping Injection) · CAPEC-110 (SQL Injection through SOAP Parameter Tampering) · CAPEC-470 (Expanding Control over the Operating System from the Database)
CVEs mapped to this weakness (10,236)
Page 35 of 512

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12149 | — | Cri | 0.64 | 9.8 | 0.01 | | Jun 11, 2019 | SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. |
| CVE-2017-14851 | — | Cri | 0.64 | 9.8 | 0.04 | | Jun 3, 2019 | A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass. |
| CVE-2019-5715 | — | Cri | 0.64 | 9.8 | 0.02 | | Apr 11, 2019 | All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject. |
| CVE-2018-16809 | — | Cri | 0.64 | 9.8 | 0.02 | | Mar 7, 2019 | An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. |
| CVE-2019-6798 | — | Cri | 0.64 | 9.8 | 0.04 | | Jan 26, 2019 | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. |
| CVE-2018-18530 | — | Cri | 0.64 | 9.8 | 0.01 | | Oct 19, 2018 | ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. |
| CVE-2018-18529 | — | Cri | 0.64 | 9.8 | 0.01 | | Oct 19, 2018 | ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. |
| CVE-2018-18200 | — | Cri | 0.64 | 9.8 | 0.01 | | Oct 9, 2018 | There is a SQL injection in Benutzerverwaltung (user management) in REDAXO before 5.6.4. |
| CVE-2018-18084 | — | Cri | 0.64 | 9.8 | 0.01 | | Oct 9, 2018 | An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter. |
| CVE-2018-18075 | — | Cri | 0.64 | 9.8 | 0.02 | | Oct 9, 2018 | WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. |
| CVE-2018-12470 | — | Cri | 0.64 | 9.8 | 0.02 | | Oct 4, 2018 | A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. |
| CVE-2018-17852 | — | Cri | 0.64 | 9.8 | 0.02 | | Oct 1, 2018 | A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. |
| CVE-2018-17831 | — | Cri | 0.64 | 9.8 | 0.02 | | Oct 1, 2018 | In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list… |
| CVE-2018-17796 | — | Cri | 0.64 | 9.8 | 0.02 | | Sep 30, 2018 | An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the… |
| CVE-2018-17575 | — | Cri | 0.64 | 9.8 | 0.01 | | Sep 28, 2018 | SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. |
| CVE-2018-14956 | — | Cri | 0.64 | 9.8 | 0.03 | | Sep 28, 2018 | CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. |
| CVE-2018-17566 | — | Cri | 0.64 | 9.8 | 0.02 | | Sep 26, 2018 | In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. |
| CVE-2018-17410 | — | Cri | 0.64 | 9.8 | 0.02 | | Sep 26, 2018 | Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. |
| CVE-2015-8298 | — | Cri | 0.64 | 9.8 | 0.03 | | Sep 24, 2018 | Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to… |
| CVE-2018-16822 | — | Cri | 0.64 | 9.8 | 0.01 | | Sep 21, 2018 | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. |