VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Abstraction: Base · Status: Stable · Likelihood of Exploit: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 43 of 512
  • CVE-2017-15907 · Critical · Oct 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.

  • CVE-2012-4570 · Critical · Oct 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-15381 · Critical · Oct 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).

  • CVE-2017-15379 · Critical · Oct 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.

  • CVE-2015-5376 · Critical · Oct 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.

  • CVE-2017-15539 · Critical · Oct 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.

  • CVE-2014-8621 · Critical · Oct 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.

  • CVE-2017-15373 · Critical · Oct 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).

  • CVE-2015-2146 · Critical · Oct 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4)…

  • CVE-2017-14760 · Critical · Sep 27, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.

  • CVE-2015-7670 · Critical · Sep 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.

  • CVE-2015-7390 · Critical · Sep 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.

  • CVE-2017-7973 · Critical · Sep 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

  • CVE-2017-14125 · Critical · Sep 25, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.

  • CVE-2017-14652 · Critical · Sep 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.

  • CVE-2017-14512 · Critical · Sep 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.

  • CVE-2017-1002028 · Critical · Sep 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.

  • CVE-2017-1002027 · Critical · Sep 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.

  • CVE-2017-1002023 · Critical · Sep 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php

  • CVE-2017-1002022 · Critical · Sep 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.