CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,841 vulnerabilities with CWE-89
CVE-2020-19961 HIGH
zzcms 2019 - SQL Injection via subzs.php
CVSS 7.5
CVE-2020-19960 HIGH
zzcms 2019 - SQL Injection via dlid Parameter in dl_sendsms.php
CVSS 7.5
CVE-2020-19959 HIGH
zzcms 2019 - SQL Injection via dlid Parameter in dl_sendmail.php
CVSS 7.5
CVE-2020-19957 HIGH
zzcms 2019 - SQL Injection via dl_print.php id Parameter
CVSS 7.5
CVE-2020-21726 CRITICAL
OpenSNS 6.1.0 - SQL Injection via ChinaCityController cid Parameter
CVSS 9.8
CVE-2020-21725 CRITICAL
OpenSNS 6.1.0 - SQL Injection via ChinaCityController pid Parameter
CVSS 9.8
CVE-2020-21013 HIGH
emlog v6.0.0 - SQL Injection via /admin/comment.php
CVSS 7.2
CVE-2020-21012 CRITICAL
Sourcecodester Hotel and Lodge Management System 2.0 - Unauthenticated SQL Injection via Email Parameter
CVSS 9.8
CVE-2020-20797 CRITICAL
FlameCMS 3.3.5 - Time-Based Blind SQL Injection via Register Endpoint
CVSS 9.8
CVE-2020-20796 CRITICAL
FlameCMS 3.3.5 - SQL Injection via Id Parameter
CVSS 9.8
CVE-2020-20122 CRITICAL
Wuzhicms v4.1 - SQL Injection in checktitle() Function
CVSS 9.8
CVE-2020-20120 CRITICAL
ThinkPHP < 3.2.3 - SQL Injection via Where and Query Methods
CVSS 9.8
CVE-2020-20692 HIGH
GilaCMS 1.11.4 - SQL Injection via $_GET Parameter in cm.php
CVSS 7.2
CVE-2020-21127 CRITICAL
MetInfo 7.0.0 - SQL Injection via admin/?n=logs&c=index&a=dodel
CVSS 9.8
CVE-2020-21121 CRITICAL
Pligg CMS 2.0.2 - SQL Injection via admin_update_module_widgets.php $recordIDValue Parameter
CVSS 9.8
CVE-2020-19853 CRITICAL
BlueCMS v1.6 - SQL Injection via /ad_js.php
CVSS 9.8
CVE-2020-7819 CRITICAL
nTracker USB Enterprise - SQL Injection
CVSS 9.3
CVE-2020-20340 HIGH
S-CMS v1.0 - SQL Injection in 4.edu.php\conn\function.php
CVSS 7.5
CVE-2020-18116 HIGH
youdiancms 8.0 - SQL Injection via Search Bar
CVSS 8.8
CVE-2020-18106 CRITICAL
wms v1.0 - SQL Injection via GET Parameter
CVSS 9.8
CVE-2020-20675 CRITICAL
nuishop 2.3 - SQL Injection via /goods/getGoodsListByConditions/
CVSS 9.8
CVE-2020-18477 HIGH
Hucart CMS 5.7.4 - SQL Injection via Purchase Enquiry Message Field
CVSS 8.8
CVE-2020-18476 HIGH
Hucart CMS 5.7.4 - SQL Injection via Avatar usd_image Field
CVSS 8.8
CVE-2020-19821 HIGH
DOYOCMS 2.3 - SQL Injection via orders[] Parameter
CVSS 8.8
CVE-2020-19705 CRITICAL
thinkphp-zcms - SQL Injection via index.php Message Add Parameter
CVSS 9.8
Details
Vulnerabilities 19,841
Exploit Likelihood High