CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
Page 42 of 512

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4914 | | Critical | 0.64 | 9.8 | 0.02 | | Dec 29, 2017 | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. |
| CVE-2017-17959 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. |
| CVE-2017-17957 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. |
| CVE-2017-17951 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. |
| CVE-2017-17931 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 27, 2017 | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. |
| CVE-2017-17928 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 27, 2017 | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. |
| CVE-2017-17906 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 27, 2017 | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. |
| CVE-2017-17895 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 27, 2017 | Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. |
| CVE-2017-17892 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 27, 2017 | Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. |
| CVE-2017-17779 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 20, 2017 | Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. |
| CVE-2017-15875 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 19, 2017 | SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. |
| CVE-2017-17730 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 18, 2017 | DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. |
| CVE-2017-17713 | | Critical | 0.64 | 9.8 | 0.02 | | Dec 16, 2017 | Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat… |
| CVE-2017-10899 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 1, 2017 | SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2017-10898 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 1, 2017 | SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2017-16896 | | Critical | 0.64 | 9.8 | 0.01 | | Nov 20, 2017 | A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. |
| CVE-2017-16561 | | Critical | 0.64 | 9.8 | 0.01 | | Nov 7, 2017 | /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. |
| CVE-2017-14356 | | Critical | 0.64 | 9.8 | 0.02 | | Oct 31, 2017 | An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. |
| CVE-2017-15946 | | Critical | 0.64 | 9.8 | 0.01 | | Oct 28, 2017 | In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. |
| CVE-2017-15919 | | Critical | 0.64 | 9.8 | 0.02 | | Oct 26, 2017 | The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. |