CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,841 vulnerabilities with CWE-89
CVE-2020-19213 CRITICAL
piwigo v2.9.5 - SQL Injection via cat_move.php selection parameter
CVSS 9.8
CVE-2020-19212 MEDIUM
piwigo v2.9.5 - SQL Injection via group parameter in admin/group_list.php
CVSS 4.9
CVE-2020-13590 HIGH
Rukovoditel 2.7.2 - Authenticated SQL Injection via Entities Fields Page
CVSS 7.2
CVE-2020-13567 CRITICAL
Open-emr Openemr - SQL Injection
CVSS 9.8
CVE-2020-24770 CRITICAL
NexusPHP 1.5 - SQL Injection via modrules.php id Parameter
CVSS 9.8
CVE-2020-24769 CRITICAL
NexusPHP 1.5 - SQL Injection via takeconfirm.php classes Parameter
CVSS 9.8
CVE-2020-8242 HIGH
ExpressionEngine <= 5.4.0 - SQL Injection
CVSS 7.2
CVE-2020-25905 CRITICAL
Mobile Shop System 1.0 - SQL Injection via Email Parameter
CVSS 9.8
CVE-2020-28103 CRITICAL
cscms v4.1 - SQL Injection via page_del Function
CVSS 9.8
CVE-2020-28102 CRITICAL
cscms v4.1 - SQL Injection via js_del Function
CVSS 9.8
CVE-2020-28679 HIGH
Zoho ManageEngine Applications Manager < 14550 - Authenticated SQL Injection via showReports Module
CVSS 8.8
CVE-2020-18081 HIGH
SEMCMS 3.8 - SQL Injection via checkuser Function
CVSS 7.5
CVE-2020-35012 HIGH
WordPress Plugin <5.9.8 - SQL Injection
CVSS 7.2
CVE-2020-22226 CRITICAL
phpjabbers fundraising_script 1.0 - SQL Injection via pjActionSetAmount Function
CVSS 9.8
CVE-2020-22225 CRITICAL
phpjabbers fundraising_script 1.0 - SQL Injection via pjActionLoadForm Function
CVSS 9.8
CVE-2020-22223 CRITICAL
phpjabbers fundraising_script 1.0 - SQL Injection via pjActionLoad Function
CVSS 9.8
CVE-2020-18263 HIGH
php-cms v1.0 - SQL Injection via search.php Search Parameter
CVSS 7.5
CVE-2020-18262 CRITICAL
ED01-CMS v1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2020-24000 CRITICAL
eyoucms 1.4.7 - SQL Injection via tid Parameter
CVSS 9.8
CVE-2020-23685 CRITICAL
188jianzhan 2.1.0 - SQL Injection via login.php Username Parameter
CVSS 9.8
CVE-2020-28702 HIGH
PybbsCMS 5.2.1 - SQL Injection in TopicMapper.xml
CVSS 7.5
CVE-2020-21250 CRITICAL
CSZ CMS 1.2.4 - Arbitrary File Upload in MY_Security.php
CVSS 9.8
CVE-2020-24932 CRITICAL
Sourcecodester Complaint Management System 1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2020-28960 CRITICAL
Chichen Tech CMS 1.0 - SQL Injection via id and cid Parameters
CVSS 9.8
CVE-2020-23045 HIGH
Macrob7 Macs Framework CMS <1.14f - SQL Injection
CVSS 7.2
Details
Vulnerabilities 19,841
Exploit Likelihood High