CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,841 vulnerabilities with CWE-89
CVE-2020-36034 CRITICAL
School Faculty Scheduling System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 9.8
CVE-2020-24950 HIGH
FUEL-CMS 1.4.9 - SQL Injection via Base_module_model.php col Parameter
CVSS 8.8
CVE-2020-21662 CRITICAL
yunyecms 2.0.2 - SQL Injection via XFF Header
CVSS 9.8
CVE-2020-21486 HIGH
PHPOK 5.4 - SQL Injection via _userlist Function in phpok_call.php
CVSS 7.5
CVE-2020-21400 HIGH
phpmywind 5.6 - SQL Injection via id Variable in Modify Function
CVSS 7.2
CVE-2020-20636 HIGH
Joyplus-cms 1.6.0 - SQL Injection via goodbad() id Parameter
CVSS 7.5
CVE-2020-20491 HIGH
OpenCart 2.2.00-3.0.3.2 - SQL Injection via Fba Plugin Function
CVSS 7.2
CVE-2020-20413 CRITICAL
wuzhicms 4.1.0 - SQL Injection via checktitle() Function
CVSS 9.8
CVE-2020-23966 CRITICAL
victor_cms 1.0 - SQL Injection via Post Parameter
CVSS 9.8
CVE-2020-36077 HIGH
Tailor Management System 1 - SQL Injection via Order Add Customer Parameter
CVSS 8.8
CVE-2020-36074 HIGH
Tailor Management System 1 - SQL Injection via Title Parameter
CVSS 8.8
CVE-2020-36073 HIGH
Tailor Management System 1 - SQL Injection via Document Detail Parameter
CVSS 8.8
CVE-2020-36072 HIGH
Tailor Management System 1 - SQL Injection via id Parameter
CVSS 8.8
CVE-2020-36071 HIGH
Tailor Management System 1 - Authenticated SQL Injection via Email Page Customer Parameter
CVSS 8.8
CVE-2020-21060 HIGH
phpmywind 5.6 - SQL Injection via Administrator Delete Function
CVSS 8.8
CVE-2020-20915 CRITICAL
PublicCMS 4.0 - SQL Injection via SysSiteAdminControl sql Parameter
CVSS 9.8
CVE-2020-20914 CRITICAL
PublicCMS 4.0 - SQL Injection via sql Parameter
CVSS 9.8
CVE-2020-20913 CRITICAL
Ming-Soft MCMS < 5.1 - SQL Injection via basic_title Parameter
CVSS 9.8
CVE-2020-29168 CRITICAL
Online Doctor Appointment Booking System - SQL Injection via q Parameter in getuser.php
CVSS 9.8
CVE-2020-21120 CRITICAL
UQCMS 2.1.3 - SQL Injection via Cookie Cart Parameter
CVSS 9.8
CVE-2020-21119 CRITICAL
Kliqqi-CMS 2.0.2 - SQL Injection via recordIDValue Parameter
CVSS 9.8
CVE-2020-22452 CRITICAL
phpMyAdmin 5.0.0-5.0.1 and 5.0.2-5.1.4 - SQL Injection via tbl_storage_engine or tbl_collation Parameters
CVSS 9.8
CVE-2020-29297 CRITICAL
Tourist5 Online-food-ordering-system 1.0 - SQL Injection
CVSS 9.8
CVE-2020-21152 CRITICAL
inxedu 2.0.6 - SQL Injection via saverolefunction functionIds Parameter
CVSS 9.8
CVE-2020-35326 CRITICAL
inxedu 2.0.6 - SQL Injection via WebsiteImagesMapper.xml id Parameter
CVSS 9.8
Details
Vulnerabilities 19,841
Exploit Likelihood High