CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,841 vulnerabilities with CWE-89
CVE-2020-18913
HIGH
ESPCMS-P8 - SQL Injection via Search.php attr_array Parameter
CVSS 7.5
CVE-2020-18877
HIGH
wuzhicms v4.1.0 - SQL Injection via Flag Parameter
CVSS 7.5
CVE-2020-22122
HIGH
Find a Place LJCMS 1.3 - SQL Injection via /oa.php?c=Staff&a=read POST Request
CVSS 7.5
CVE-2020-18746
HIGH
AiteCMS 1.0 - SQL Injection via diy_list.php Component
CVSS 7.2
CVE-2020-18164
CRITICAL
tp-shop 2.x-3.x - SQL Injection via fBill Parameter
CVSS 9.8
CVE-2020-13589
HIGH
Rukovoditel 2.7.2 - Authenticated SQL Injection via entities_id Parameter
CVSS 8.8
CVE-2020-13588
HIGH
Rukovoditel 2.7.2 - Authenticated SQL Injection via heading_field_id Parameter
CVSS 8.8
CVE-2020-20981
HIGH
Metinfo 7.0 - SQL Injection via Admin Logs Component
CVSS 7.5
CVE-2020-20975
CRITICAL
Gxlcms v1.1 - SQL Injection via $filename Parameter
CVSS 9.8
CVE-2020-23150
HIGH
rConfig 3.9.5 - SQL Injection via GET Request to ajaxDbInstall.php
CVSS 7.5
CVE-2020-23149
HIGH
rconfig 3.9.5 - SQL Injection via dbName Parameter
CVSS 7.5
CVE-2020-28087
HIGH
jeecg-boot 2.3 - SQL Injection via /sys/dict/loadtreedata
CVSS 7.5
CVE-2020-29011
HIGH
FortiSandbox 3.1.0-3.1.4 and 3.2.0-3.2.2 - Authenticated SQL Injection via Checksum Search and MTA-Quarantine Modules
CVSS 8.8
CVE-2020-21809
CRITICAL
NukeViet CMS Shops 4.0-4.3 - SQL Injection via listid, group_price, or groupid Parameters
CVSS 9.8
CVE-2020-21808
CRITICAL
NukeViet CMS 4.0.10-4.3.07 - SQL Injection via topicsid Parameter
CVSS 9.8
CVE-2020-21806
CRITICAL
ECTouch v2 - SQL Injection via Shop Page in index.php
CVSS 9.8
CVE-2020-18175
CRITICAL
Metinfo 6.1.3 - SQL Injection via dosafety_emailadd Action
CVSS 9.8
CVE-2020-18013
CRITICAL
Whatsns 4.0 - SQL Injection via ip Parameter
CVSS 9.8
CVE-2020-36033
CRITICAL
SourceCodester Water Billing System 1.0 - SQL Injection via edituser.php id Parameter
CVSS 9.8
CVE-2020-23282
HIGH
MV's mConnect <v02.001.00 - SQL Injection
CVSS 7.5
CVE-2020-35427
CRITICAL
PHPGurukul Employee Record Management System 1.1 - SQL Injection
CVSS 9.8
CVE-2020-5320
CRITICAL
Dell EMC OpenManage Enterprise < 3.2 and OpenManage Enterprise-Modular < 1.10.00 - Authenticated SQL Injection
CVSS 9.0
CVE-2020-18155
CRITICAL
Subrion CMS 4.2.1 - SQL Injection via Search Page
CVSS 9.8
CVE-2020-29147
HIGH
Wayang-CMS 1.0 - SQL Injection via wy_side_visitor.php
CVSS 7.5
CVE-2020-18144
CRITICAL
ECTouch v2 - SQL Injection via integral_min Parameter
CVSS 9.8
Details
Vulnerabilities
19,841
Exploit Likelihood
High