CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (12,807)
page 552 of 641| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0937 | 0.03 | — | 0.01 | Feb 25, 2008 | SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | |||
| CVE-2008-0936 | 0.03 | — | 0.01 | Feb 25, 2008 | SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||
| CVE-2008-0921 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0922 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php. | |||
| CVE-2008-0920 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular… | |||
| CVE-2008-0918 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the… | |||
| CVE-2008-0916 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php. | |||
| CVE-2008-0911 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter. | |||
| CVE-2008-0907 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2008-0906 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation. | |||
| CVE-2008-0878 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||
| CVE-2008-0881 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action. | |||
| CVE-2008-0880 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||
| CVE-2008-0879 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. | |||
| CVE-2008-0874 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||
| CVE-2008-0873 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action. | |||
| CVE-2008-0857 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page. | |||
| CVE-2008-0855 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||
| CVE-2008-0856 | 0.03 | — | 0.01 | Feb 21, 2008 | Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-0854 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php. |
- CVE-2008-0937Feb 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
- CVE-2008-0936Feb 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
- CVE-2008-0921Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0922Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
- CVE-2008-0920Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular…
- CVE-2008-0918Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the…
- CVE-2008-0916Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php.
- CVE-2008-0911Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
- CVE-2008-0907Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2008-0906Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
- CVE-2008-0878Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
- CVE-2008-0881Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
- CVE-2008-0880Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
- CVE-2008-0879Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
- CVE-2008-0874Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
- CVE-2008-0873Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action.
- CVE-2008-0857Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
- CVE-2008-0855Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
- CVE-2008-0856Feb 21, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-0854Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.