CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,841 vulnerabilities with CWE-89
CVE-2020-36034
CRITICAL
School Faculty Scheduling System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 9.8
CVE-2020-24950
HIGH
FUEL-CMS 1.4.9 - SQL Injection via Base_module_model.php col Parameter
CVSS 8.8
CVE-2020-21662
CRITICAL
yunyecms 2.0.2 - SQL Injection via XFF Header
CVSS 9.8
CVE-2020-21486
HIGH
PHPOK 5.4 - SQL Injection via _userlist Function in phpok_call.php
CVSS 7.5
CVE-2020-21400
HIGH
phpmywind 5.6 - SQL Injection via id Variable in Modify Function
CVSS 7.2
CVE-2020-20636
HIGH
Joyplus-cms 1.6.0 - SQL Injection via goodbad() id Parameter
CVSS 7.5
CVE-2020-20491
HIGH
OpenCart 2.2.00-3.0.3.2 - SQL Injection via Fba Plugin Function
CVSS 7.2
CVE-2020-20413
CRITICAL
wuzhicms 4.1.0 - SQL Injection via checktitle() Function
CVSS 9.8
CVE-2020-23966
CRITICAL
victor_cms 1.0 - SQL Injection via Post Parameter
CVSS 9.8
CVE-2020-36077
HIGH
Tailor Management System 1 - SQL Injection via Order Add Customer Parameter
CVSS 8.8
CVE-2020-36074
HIGH
Tailor Management System 1 - SQL Injection via Title Parameter
CVSS 8.8
CVE-2020-36073
HIGH
Tailor Management System 1 - SQL Injection via Document Detail Parameter
CVSS 8.8
CVE-2020-36072
HIGH
Tailor Management System 1 - SQL Injection via id Parameter
CVSS 8.8
CVE-2020-36071
HIGH
Tailor Management System 1 - Authenticated SQL Injection via Email Page Customer Parameter
CVSS 8.8
CVE-2020-21060
HIGH
phpmywind 5.6 - SQL Injection via Administrator Delete Function
CVSS 8.8
CVE-2020-20915
CRITICAL
PublicCMS 4.0 - SQL Injection via SysSiteAdminControl sql Parameter
CVSS 9.8
CVE-2020-20914
CRITICAL
PublicCMS 4.0 - SQL Injection via sql Parameter
CVSS 9.8
CVE-2020-20913
CRITICAL
Ming-Soft MCMS < 5.1 - SQL Injection via basic_title Parameter
CVSS 9.8
CVE-2020-29168
CRITICAL
Online Doctor Appointment Booking System - SQL Injection via q Parameter in getuser.php
CVSS 9.8
CVE-2020-21120
CRITICAL
UQCMS 2.1.3 - SQL Injection via Cookie Cart Parameter
CVSS 9.8
CVE-2020-21119
CRITICAL
Kliqqi-CMS 2.0.2 - SQL Injection via recordIDValue Parameter
CVSS 9.8
CVE-2020-22452
CRITICAL
phpMyAdmin 5.0.0-5.0.1 and 5.0.2-5.1.4 - SQL Injection via tbl_storage_engine or tbl_collation Parameters
CVSS 9.8
CVE-2020-29297
CRITICAL
Tourist5 Online-food-ordering-system 1.0 - SQL Injection
CVSS 9.8
CVE-2020-21152
CRITICAL
inxedu 2.0.6 - SQL Injection via saverolefunction functionIds Parameter
CVSS 9.8
CVE-2020-35326
CRITICAL
inxedu 2.0.6 - SQL Injection via WebsiteImagesMapper.xml id Parameter
CVSS 9.8
Details
Vulnerabilities
19,841
Exploit Likelihood
High