VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 82 of 512
  • CVE-2018-13450CriJul 8, 2018
    risk 0.57cvss 9.8epss 0.02

    SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.

  • CVE-2018-13449CriJul 8, 2018
    risk 0.57cvss 9.8epss 0.02

    SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.

  • CVE-2018-13448CriJul 8, 2018
    risk 0.57cvss 9.8epss 0.02

    SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.

  • CVE-2018-13447CriJul 8, 2018
    risk 0.57cvss 9.8epss 0.02

    SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.

  • CVE-2018-3754HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

  • CVE-2018-11643HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.

  • CVE-2018-7774HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.

  • CVE-2018-7773HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.

  • CVE-2018-7772HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the…

  • CVE-2018-7769HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

  • CVE-2018-7768HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.

  • CVE-2018-7767HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.

  • CVE-2018-7766HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

  • CVE-2018-7765HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.03

    The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.

  • CVE-2018-13049HigJul 2, 2018
    risk 0.57cvss 8.8epss 0.01

    The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.

  • CVE-2018-1000552HigJun 26, 2018
    risk 0.57cvss 8.8epss 0.01

    Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.

  • CVE-2011-0467HigJun 7, 2018
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio…

  • CVE-2018-1252HigJun 5, 2018
    risk 0.57cvss 8.8epss 0.02

    RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end…

  • CVE-2016-10554CriMay 31, 2018
    risk 0.57cvss 9.8epss 0.02

    sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite…

  • CVE-2016-10551CriMay 29, 2018
    risk 0.57cvss 9.8epss 0.02

    waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their…