CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,841 vulnerabilities with CWE-89
CVE-2020-18913 HIGH
ESPCMS-P8 - SQL Injection via Search.php attr_array Parameter
CVSS 7.5
CVE-2020-18877 HIGH
wuzhicms v4.1.0 - SQL Injection via Flag Parameter
CVSS 7.5
CVE-2020-22122 HIGH
Find a Place LJCMS 1.3 - SQL Injection via /oa.php?c=Staff&a=read POST Request
CVSS 7.5
CVE-2020-18746 HIGH
AiteCMS 1.0 - SQL Injection via diy_list.php Component
CVSS 7.2
CVE-2020-18164 CRITICAL
tp-shop 2.x-3.x - SQL Injection via fBill Parameter
CVSS 9.8
CVE-2020-13589 HIGH
Rukovoditel 2.7.2 - Authenticated SQL Injection via entities_id Parameter
CVSS 8.8
CVE-2020-13588 HIGH
Rukovoditel 2.7.2 - Authenticated SQL Injection via heading_field_id Parameter
CVSS 8.8
CVE-2020-20981 HIGH
Metinfo 7.0 - SQL Injection via Admin Logs Component
CVSS 7.5
CVE-2020-20975 CRITICAL
Gxlcms v1.1 - SQL Injection via $filename Parameter
CVSS 9.8
CVE-2020-23150 HIGH
rConfig 3.9.5 - SQL Injection via GET Request to ajaxDbInstall.php
CVSS 7.5
CVE-2020-23149 HIGH
rconfig 3.9.5 - SQL Injection via dbName Parameter
CVSS 7.5
CVE-2020-28087 HIGH
jeecg-boot 2.3 - SQL Injection via /sys/dict/loadtreedata
CVSS 7.5
CVE-2020-29011 HIGH
FortiSandbox 3.1.0-3.1.4 and 3.2.0-3.2.2 - Authenticated SQL Injection via Checksum Search and MTA-Quarantine Modules
CVSS 8.8
CVE-2020-21809 CRITICAL
NukeViet CMS Shops 4.0-4.3 - SQL Injection via listid, group_price, or groupid Parameters
CVSS 9.8
CVE-2020-21808 CRITICAL
NukeViet CMS 4.0.10-4.3.07 - SQL Injection via topicsid Parameter
CVSS 9.8
CVE-2020-21806 CRITICAL
ECTouch v2 - SQL Injection via Shop Page in index.php
CVSS 9.8
CVE-2020-18175 CRITICAL
Metinfo 6.1.3 - SQL Injection via dosafety_emailadd Action
CVSS 9.8
CVE-2020-18013 CRITICAL
Whatsns 4.0 - SQL Injection via ip Parameter
CVSS 9.8
CVE-2020-36033 CRITICAL
SourceCodester Water Billing System 1.0 - SQL Injection via edituser.php id Parameter
CVSS 9.8
CVE-2020-23282 HIGH
MV's mConnect <v02.001.00 - SQL Injection
CVSS 7.5
CVE-2020-35427 CRITICAL
PHPGurukul Employee Record Management System 1.1 - SQL Injection
CVSS 9.8
CVE-2020-5320 CRITICAL
Dell EMC OpenManage Enterprise < 3.2 and OpenManage Enterprise-Modular < 1.10.00 - Authenticated SQL Injection
CVSS 9.0
CVE-2020-18155 CRITICAL
Subrion CMS 4.2.1 - SQL Injection via Search Page
CVSS 9.8
CVE-2020-29147 HIGH
Wayang-CMS 1.0 - SQL Injection via wy_side_visitor.php
CVSS 7.5
CVE-2020-18144 CRITICAL
ECTouch v2 - SQL Injection via integral_min Parameter
CVSS 9.8
Details
Vulnerabilities 19,841
Exploit Likelihood High