CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,835 vulnerabilities with CWE-89
CVE-2020-37004 HIGH
Ultimate Project Manager CRM PRO 2.0.5 - SQL Injection
CVSS 8.2
CVE-2020-36999 HIGH
Elaniin CMS 1.0 - Unauthenticated Authentication Bypass and SQL Injection via Login Page
CVSS 8.2
CVE-2020-36972 HIGH
SmartBlog 2.0.1 - Blind SQL Injection via id_post Parameter
CVSS 8.2
CVE-2020-36945 HIGH
WebDamn User Registration Login System - SQL Injection
CVSS 8.2
CVE-2020-36951 HIGH
Phpscript-sgh 0.1.0 - SQL Injection
CVSS 8.2
CVE-2020-36947 HIGH
LibreNMS 1.46 - Authenticated SQL Injection
CVSS 7.1
CVE-2020-36869 HIGH
Nagios XI < 5.7.5 - Authenticated SQL Injection via SNMP Trap Interface Edit Page
CVSS 7.2
CVE-2020-36859 HIGH
Nagios XI <5.7.4 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-36857 HIGH
Nagios XI < 5.6.14 - Authenticated SQL Injection via SNMP Trap Interface Page
CVSS 7.2
CVE-2020-18243 MEDIUM
Enricozab CMS 1.0 - SQL Injection via hdo-view-case.php
CVSS 6.5
CVE-2020-19248 MEDIUM
pbootcms < 1.4.1 - SQL Injection via Template If Statement Parsing
CVSS 5.1
CVE-2020-36084 CRITICAL
SourceCodester Responsive E-Learning System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2020-26630 MEDIUM
Hospital Management System V4.0 - SQL Injection
CVSS 4.9
CVE-2020-26627 MEDIUM
Hospital Management System V4.0 - SQL Injection
CVSS 4.9
CVE-2020-26625 LOW
Gila CMS < 1.15.4 - SQL Injection via User ID Parameter
CVSS 3.8
CVE-2020-26624 LOW
Gila CMS < 1.15.4 - SQL Injection via ID Parameter
CVSS 3.8
CVE-2020-26623 LOW
Gila CMS < 1.15.4 - Authenticated SQL Injection via Administration Widget Area Parameter
CVSS 3.8
CVE-2020-36768 HIGH
rl-institut NESP2 Initial Release/1.0 - SQL Injection
CVSS 7.3
CVE-2020-36136 HIGH
cskaza cszcms 1.2.9 - SQL Injection via pm_sendmail Parameter
CVSS 7.5
CVE-2020-36034 CRITICAL
School Faculty Scheduling System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 9.8
CVE-2020-24950 HIGH
FUEL-CMS 1.4.9 - SQL Injection via Base_module_model.php col Parameter
CVSS 8.8
CVE-2020-21662 CRITICAL
yunyecms 2.0.2 - SQL Injection via XFF Header
CVSS 9.8
CVE-2020-21486 HIGH
PHPOK 5.4 - SQL Injection via _userlist Function in phpok_call.php
CVSS 7.5
CVE-2020-21400 HIGH
phpmywind 5.6 - SQL Injection via id Variable in Modify Function
CVSS 7.2
CVE-2020-20636 HIGH
Joyplus-cms 1.6.0 - SQL Injection via goodbad() id Parameter
CVSS 7.5
Details
Vulnerabilities 19,835
Exploit Likelihood High