CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,835 vulnerabilities with CWE-89
CVE-2020-37004
HIGH
Ultimate Project Manager CRM PRO 2.0.5 - SQL Injection
CVSS 8.2
CVE-2020-36999
HIGH
Elaniin CMS 1.0 - Unauthenticated Authentication Bypass and SQL Injection via Login Page
CVSS 8.2
CVE-2020-36972
HIGH
SmartBlog 2.0.1 - Blind SQL Injection via id_post Parameter
CVSS 8.2
CVE-2020-36945
HIGH
WebDamn User Registration Login System - SQL Injection
CVSS 8.2
CVE-2020-36951
HIGH
Phpscript-sgh 0.1.0 - SQL Injection
CVSS 8.2
CVE-2020-36947
HIGH
LibreNMS 1.46 - Authenticated SQL Injection
CVSS 7.1
CVE-2020-36869
HIGH
Nagios XI < 5.7.5 - Authenticated SQL Injection via SNMP Trap Interface Edit Page
CVSS 7.2
CVE-2020-36859
HIGH
Nagios XI <5.7.4 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-36857
HIGH
Nagios XI < 5.6.14 - Authenticated SQL Injection via SNMP Trap Interface Page
CVSS 7.2
CVE-2020-18243
MEDIUM
Enricozab CMS 1.0 - SQL Injection via hdo-view-case.php
CVSS 6.5
CVE-2020-19248
MEDIUM
pbootcms < 1.4.1 - SQL Injection via Template If Statement Parsing
CVSS 5.1
CVE-2020-36084
CRITICAL
SourceCodester Responsive E-Learning System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2020-26630
MEDIUM
Hospital Management System V4.0 - SQL Injection
CVSS 4.9
CVE-2020-26627
MEDIUM
Hospital Management System V4.0 - SQL Injection
CVSS 4.9
CVE-2020-26625
LOW
Gila CMS < 1.15.4 - SQL Injection via User ID Parameter
CVSS 3.8
CVE-2020-26624
LOW
Gila CMS < 1.15.4 - SQL Injection via ID Parameter
CVSS 3.8
CVE-2020-26623
LOW
Gila CMS < 1.15.4 - Authenticated SQL Injection via Administration Widget Area Parameter
CVSS 3.8
CVE-2020-36768
HIGH
rl-institut NESP2 Initial Release/1.0 - SQL Injection
CVSS 7.3
CVE-2020-36136
HIGH
cskaza cszcms 1.2.9 - SQL Injection via pm_sendmail Parameter
CVSS 7.5
CVE-2020-36034
CRITICAL
School Faculty Scheduling System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 9.8
CVE-2020-24950
HIGH
FUEL-CMS 1.4.9 - SQL Injection via Base_module_model.php col Parameter
CVSS 8.8
CVE-2020-21662
CRITICAL
yunyecms 2.0.2 - SQL Injection via XFF Header
CVSS 9.8
CVE-2020-21486
HIGH
PHPOK 5.4 - SQL Injection via _userlist Function in phpok_call.php
CVSS 7.5
CVE-2020-21400
HIGH
phpmywind 5.6 - SQL Injection via id Variable in Modify Function
CVSS 7.2
CVE-2020-20636
HIGH
Joyplus-cms 1.6.0 - SQL Injection via goodbad() id Parameter
CVSS 7.5
Details
Vulnerabilities
19,835
Exploit Likelihood
High