CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,841 vulnerabilities with CWE-89
CVE-2020-19213
CRITICAL
piwigo v2.9.5 - SQL Injection via cat_move.php selection parameter
CVSS 9.8
CVE-2020-19212
MEDIUM
piwigo v2.9.5 - SQL Injection via group parameter in admin/group_list.php
CVSS 4.9
CVE-2020-13590
HIGH
Rukovoditel 2.7.2 - Authenticated SQL Injection via Entities Fields Page
CVSS 7.2
CVE-2020-13567
CRITICAL
Open-emr Openemr - SQL Injection
CVSS 9.8
CVE-2020-24770
CRITICAL
NexusPHP 1.5 - SQL Injection via modrules.php id Parameter
CVSS 9.8
CVE-2020-24769
CRITICAL
NexusPHP 1.5 - SQL Injection via takeconfirm.php classes Parameter
CVSS 9.8
CVE-2020-8242
HIGH
ExpressionEngine <= 5.4.0 - SQL Injection
CVSS 7.2
CVE-2020-25905
CRITICAL
Mobile Shop System 1.0 - SQL Injection via Email Parameter
CVSS 9.8
CVE-2020-28103
CRITICAL
cscms v4.1 - SQL Injection via page_del Function
CVSS 9.8
CVE-2020-28102
CRITICAL
cscms v4.1 - SQL Injection via js_del Function
CVSS 9.8
CVE-2020-28679
HIGH
Zoho ManageEngine Applications Manager < 14550 - Authenticated SQL Injection via showReports Module
CVSS 8.8
CVE-2020-18081
HIGH
SEMCMS 3.8 - SQL Injection via checkuser Function
CVSS 7.5
CVE-2020-35012
HIGH
WordPress Plugin <5.9.8 - SQL Injection
CVSS 7.2
CVE-2020-22226
CRITICAL
phpjabbers fundraising_script 1.0 - SQL Injection via pjActionSetAmount Function
CVSS 9.8
CVE-2020-22225
CRITICAL
phpjabbers fundraising_script 1.0 - SQL Injection via pjActionLoadForm Function
CVSS 9.8
CVE-2020-22223
CRITICAL
phpjabbers fundraising_script 1.0 - SQL Injection via pjActionLoad Function
CVSS 9.8
CVE-2020-18263
HIGH
php-cms v1.0 - SQL Injection via search.php Search Parameter
CVSS 7.5
CVE-2020-18262
CRITICAL
ED01-CMS v1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2020-24000
CRITICAL
eyoucms 1.4.7 - SQL Injection via tid Parameter
CVSS 9.8
CVE-2020-23685
CRITICAL
188jianzhan 2.1.0 - SQL Injection via login.php Username Parameter
CVSS 9.8
CVE-2020-28702
HIGH
PybbsCMS 5.2.1 - SQL Injection in TopicMapper.xml
CVSS 7.5
CVE-2020-21250
CRITICAL
CSZ CMS 1.2.4 - Arbitrary File Upload in MY_Security.php
CVSS 9.8
CVE-2020-24932
CRITICAL
Sourcecodester Complaint Management System 1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2020-28960
CRITICAL
Chichen Tech CMS 1.0 - SQL Injection via id and cid Parameters
CVSS 9.8
CVE-2020-23045
HIGH
Macrob7 Macs Framework CMS <1.14f - SQL Injection
CVSS 7.2
Details
Vulnerabilities
19,841
Exploit Likelihood
High