Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CVEs (19,372)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-25528 1Inoutscripts 1Inout Homestay Mar 19, 2026 Mar 12, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send...Show more Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to extract sensitive data or modify database contents.Show less
CVE-2019-25527 1Inoutscripts 1Inout Homestay Mar 19, 2026 Mar 12, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send...Show more Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.Show less
CVE-2019-25526 1Inoutscripts 1Inout Homestay Mar 19, 2026 Mar 12, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send...Show more Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads in the location field to extract sensitive data or modify database contents.Show less
CVE-2019-25525 1Inoutscripts 1Inout Homestay Mar 19, 2026 Mar 12, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send PO...Show more Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.Show less
CVE-2019-25524 1Xooscripts 1Xoogallery Mar 23, 2026 Mar 12, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.p...Show more XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data, or modify database contents.Show less
CVE-2019-25523 1Xooscripts 1Xoogallery Mar 23, 2026 Mar 12, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to cat.ph...Show more XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to cat.php with malicious cat_id values to bypass authentication, extract sensitive data, or modify database contents.Show less
CVE-2019-25522 1Xooscripts 1Xoogallery Mar 23, 2026 Mar 12, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. Attackers can send GET requests...Show more XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. Attackers can send GET requests to photo.php with malicious photo_id values to extract sensitive data, bypass authentication, or modify database contents.Show less
CVE-2019-25521 1Xooscripts 1Xoogallery Mar 23, 2026 Mar 12, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. Attackers can send GET requests to gal.ph...Show more XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. Attackers can send GET requests to gal.php with malicious gal_id values to extract sensitive database information or modify database contents.Show less
CVE-2019-25520 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query v...Show more Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.Show less
CVE-2019-25519 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 8.2 HIGH· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST...Show more Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to execute time-based SQL injection attacks and extract sensitive database information.Show less
CVE-2019-25518 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 8.2 HIGH· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send...Show more Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents.Show less
CVE-2019-25517 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 8.2 HIGH· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send r...Show more Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection to extract sensitive database information or modify database contents.Show less
CVE-2019-25516 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 7.5 HIGH· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can...Show more Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-based SQL injection to extract sensitive database information.Show less
CVE-2019-25515 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.7 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQ...Show more Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.Show less
CVE-2019-25514 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime...Show more Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.Show less
CVE-2019-25513 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send G...Show more Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.Show less
CVE-2019-25512 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 8.2 HIGH· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime...Show more Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.Show less
CVE-2019-25511 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 8.2 HIGH· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can se...Show more Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.Show less
CVE-2019-25510 1Jettweb 1Php Stock News Site Script Mar 17, 2026 Mar 12, 2026 8.8 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query v...Show more Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.Show less
CVE-2019-25509 - - Apr 15, 2026 Mar 12, 2026 8.8 HIGH· v4 8.2 HIGH· v3 N/A· v2 XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.p...Show more XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information.Show less

Previous 1...596061...969 Next