CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
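The mechanism in the description, shown in code. This is an added example, not code from the CWE entry or from any of the Joomla! components listed below; the `vacancy` table, its sample rows, the `ALLOWED_ORDER_COLUMNS` set and all function names are constructed for illustration. It pairs each vulnerable query with its fixed form, and covers the three cases a practitioner meets in practice: a numeric value that needs no quote to break out, a quoted string value, and an ORDER BY column name, which a bound parameter cannot carry and so must be allow-listed.

```python
import sqlite3

# Constructed sample data (not from the page): a small listing table standing in
# for the kind of view the components below expose. One row is not public.
SAMPLE_ROWS = [
    (1, "Backend developer", "public"),
    (2, "SOC analyst", "public"),
    (3, "CISO succession plan", "internal"),
]

# Assumption: the application only ever sorts on these two columns.
ALLOWED_ORDER_COLUMNS = {"id", "title"}


def open_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vacancy (id INTEGER, title TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO vacancy VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def show_vacancy_vulnerable(conn, vacancy_id):
    # CWE-89: the request parameter is concatenated into the SQL text. No quote
    # is needed to escape because the value sits in a numeric position, so
    # "0 OR 1=1" turns the WHERE clause into (... AND id = 0) OR 1=1.
    sql = ("SELECT id, title FROM vacancy "
           "WHERE visibility = 'public' AND id = " + vacancy_id)
    return conn.execute(sql).fetchall()


def show_vacancy_safe(conn, vacancy_id):
    # Fix: the value is bound as a parameter and is never parsed as SQL.
    sql = "SELECT id, title FROM vacancy WHERE visibility = 'public' AND id = ?"
    return conn.execute(sql, (vacancy_id,)).fetchall()


def search_vulnerable(conn, term):
    # CWE-89 on a quoted string: a term containing a single quote closes the
    # literal early and the remainder is read as SQL.
    sql = ("SELECT id, title FROM vacancy "
           "WHERE visibility = 'public' AND title LIKE '%" + term + "%'")
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    # Fix: the wildcard wrapping is done in Python, the pattern is bound.
    sql = "SELECT id, title FROM vacancy WHERE visibility = 'public' AND title LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def list_vacancies_ordered(conn, order_col):
    # Identifiers (column or table names, sort direction) cannot be bound, so a
    # "filter_order"-style parameter has to be checked against an allow-list
    # before it is spliced into the statement; anything else is rejected.
    if order_col not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("unsupported sort column: %r" % order_col)
    sql = ("SELECT id, title FROM vacancy "
           "WHERE visibility = 'public' ORDER BY " + order_col)
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = open_db()
    print("vulnerable, id=0 OR 1=1 :", show_vacancy_vulnerable(db, "0 OR 1=1"))
    print("safe,       id=0 OR 1=1 :", show_vacancy_safe(db, "0 OR 1=1"))
    payload = "%' OR visibility = 'internal' OR '"
    print("vulnerable search       :", search_vulnerable(db, payload))
    print("safe search             :", search_safe(db, payload))
```

The vulnerable functions return the internal row as well as the public ones for both payloads; the bound-parameter versions return nothing for the same inputs, because the whole string is compared as data. The allow-list in `list_vacancies_ordered` is the only sound treatment for identifiers: escaping helps with values, not with column names.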
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 6 of 512

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7318 | | Cri | 0.67 | 9.8 | 0.09 | | Feb 22, 2018 | SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. |
| CVE-2018-7315 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 22, 2018 | SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter. |
| CVE-2018-7312 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 22, 2018 | SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter. |
| CVE-2018-6024 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 18, 2018 | SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter. |
| CVE-2018-7180 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter. |
| CVE-2018-7179 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. |
| CVE-2018-7178 | | Cri | 0.67 | 9.8 | 0.04 | | Feb 17, 2018 | SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter. |
| CVE-2018-7177 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter. |
| CVE-2018-6585 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. |
| CVE-2018-6584 | | Cri | 0.67 | 9.8 | 0.04 | | Feb 17, 2018 | SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. |
| CVE-2018-6394 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action. |
| CVE-2018-6373 | | Cri | 0.67 | 9.8 | 0.02 | | Feb 17, 2018 | SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action. |
| CVE-2018-6372 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter. |
| CVE-2018-6370 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI. |
| CVE-2018-6368 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. |
| CVE-2018-6005 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. |
| CVE-2018-6004 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. |
| CVE-2018-5994 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. |
| CVE-2018-5993 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request. |
| CVE-2018-5992 | | Cri | 0.67 | 9.8 | 0.03 | | Feb 17, 2018 | SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. |