CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (12,807)
page 553 of 641| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0853 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE. | |||
| CVE-2008-0847 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||
| CVE-2008-0855 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||
| CVE-2008-0841 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0842 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||
| CVE-2008-0839 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0835 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter. | |||
| CVE-2008-0844 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||
| CVE-2008-0845 | 0.03 | — | 0.03 | Feb 20, 2008 | SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter. | |||
| CVE-2008-0846 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter. | |||
| CVE-2008-0831 | 0.03 | — | 0.01 | Feb 20, 2008 | Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754. | |||
| CVE-2008-0833 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||
| CVE-2008-0832 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action. | |||
| CVE-2008-0827 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2008-0829 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task. | |||
| CVE-2008-0821 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action. | |||
| CVE-2008-0811 | 0.03 | — | 0.01 | Feb 19, 2008 | Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php. | |||
| CVE-2008-0810 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0815 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task. | |||
| CVE-2008-0817 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. |
- CVE-2008-0853Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.
- CVE-2008-0847Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
- CVE-2008-0855Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
- CVE-2008-0841Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0842Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
- CVE-2008-0839Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0835Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.
- CVE-2008-0844Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
- CVE-2008-0845Feb 20, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
- CVE-2008-0846Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
- CVE-2008-0831Feb 20, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.
- CVE-2008-0833Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
- CVE-2008-0832Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
- CVE-2008-0827Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2008-0829Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
- CVE-2008-0821Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
- CVE-2008-0811Feb 19, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.
- CVE-2008-0810Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0815Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
- CVE-2008-0817Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.