CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,841 vulnerabilities with CWE-89
CVE-2020-19961
HIGH
zzcms 2019 - SQL Injection via subzs.php
CVSS 7.5
CVE-2020-19960
HIGH
zzcms 2019 - SQL Injection via dlid Parameter in dl_sendsms.php
CVSS 7.5
CVE-2020-19959
HIGH
zzcms 2019 - SQL Injection via dlid Parameter in dl_sendmail.php
CVSS 7.5
CVE-2020-19957
HIGH
zzcms 2019 - SQL Injection via dl_print.php id Parameter
CVSS 7.5
CVE-2020-21726
CRITICAL
OpenSNS 6.1.0 - SQL Injection via ChinaCityController cid Parameter
CVSS 9.8
CVE-2020-21725
CRITICAL
OpenSNS 6.1.0 - SQL Injection via ChinaCityController pid Parameter
CVSS 9.8
CVE-2020-21013
HIGH
emlog v6.0.0 - SQL Injection via /admin/comment.php
CVSS 7.2
CVE-2020-21012
CRITICAL
Sourcecodester Hotel and Lodge Management System 2.0 - Unauthenticated SQL Injection via Email Parameter
CVSS 9.8
CVE-2020-20797
CRITICAL
FlameCMS 3.3.5 - Time-Based Blind SQL Injection via Register Endpoint
CVSS 9.8
CVE-2020-20796
CRITICAL
FlameCMS 3.3.5 - SQL Injection via Id Parameter
CVSS 9.8
CVE-2020-20122
CRITICAL
Wuzhicms v4.1 - SQL Injection in checktitle() Function
CVSS 9.8
CVE-2020-20120
CRITICAL
ThinkPHP < 3.2.3 - SQL Injection via Where and Query Methods
CVSS 9.8
CVE-2020-20692
HIGH
GilaCMS 1.11.4 - SQL Injection via $_GET Parameter in cm.php
CVSS 7.2
CVE-2020-21127
CRITICAL
MetInfo 7.0.0 - SQL Injection via admin/?n=logs&c=index&a=dodel
CVSS 9.8
CVE-2020-21121
CRITICAL
Pligg CMS 2.0.2 - SQL Injection via admin_update_module_widgets.php $recordIDValue Parameter
CVSS 9.8
CVE-2020-19853
CRITICAL
BlueCMS v1.6 - SQL Injection via /ad_js.php
CVSS 9.8
CVE-2020-7819
CRITICAL
nTracker USB Enterprise - SQL Injection
CVSS 9.3
CVE-2020-20340
HIGH
S-CMS v1.0 - SQL Injection in 4.edu.php\conn\function.php
CVSS 7.5
CVE-2020-18116
HIGH
youdiancms 8.0 - SQL Injection via Search Bar
CVSS 8.8
CVE-2020-18106
CRITICAL
wms v1.0 - SQL Injection via GET Parameter
CVSS 9.8
CVE-2020-20675
CRITICAL
nuishop 2.3 - SQL Injection via /goods/getGoodsListByConditions/
CVSS 9.8
CVE-2020-18477
HIGH
Hucart CMS 5.7.4 - SQL Injection via Purchase Enquiry Message Field
CVSS 8.8
CVE-2020-18476
HIGH
Hucart CMS 5.7.4 - SQL Injection via Avatar usd_image Field
CVSS 8.8
CVE-2020-19821
HIGH
DOYOCMS 2.3 - SQL Injection via orders[] Parameter
CVSS 8.8
CVE-2020-19705
CRITICAL
thinkphp-zcms - SQL Injection via index.php Message Add Parameter
CVSS 9.8
Details
Vulnerabilities
19,841
Exploit Likelihood
High