CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,841 vulnerabilities with CWE-89
CVE-2020-18544
CRITICAL
WMS v1.0 - SQL Injection via Username Parameter in chkuser.php
CVSS 9.8
CVE-2020-21133
CRITICAL
Metinfo 7.0.0 beta - SQL Injection via member/getpassword.php
CVSS 9.8
CVE-2020-21132
CRITICAL
Metinfo 7.0.0beta - SQL Injection via index.php
CVSS 9.8
CVE-2020-21131
HIGH
MetInfo 7.0.0beta - SQL Injection via admin/?n=language&c=language_web&a=doAddLanguage
CVSS 7.2
CVE-2020-20585
HIGH
Metinfo 7.0 beta - SQL Injection via Admin Logs Endpoint
CVSS 7.5
CVE-2020-20583
HIGH
LJCMS v4.3.R60321 - SQL Injection via /question.php
CVSS 7.5
CVE-2020-4902
HIGH
IBM Datacap Navigator 9.1.7 - SQL Injection
CVSS 8.8
CVE-2020-21394
HIGH
CRMEB V2.60 and V3.1 - SQL Injection via SystemDatabackup.php tablename Parameter
CVSS 8.8
CVE-2020-23711
CRITICAL
NavigateCMS 2.9 - SQL Injection via URL Encoded GET Input Category
CVSS 9.8
CVE-2020-18667
CRITICAL
WebPort <= 1.19.1 - SQL Injection via New Connection Parameter
CVSS 9.8
CVE-2020-18662
CRITICAL
Gnuboard5 <=5.3.2.8 - SQL Injection
CVSS 9.8
CVE-2020-20392
CRITICAL
imcat 5.2 - SQL Injection via fm[auser] Parameter
CVSS 9.8
CVE-2020-22175
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via betweendates-detailsreports.php
CVSS 7.5
CVE-2020-22174
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via Book Appointment Page
CVSS 7.5
CVE-2020-22173
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via edit-profile.php
CVSS 7.5
CVE-2020-22172
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection in get_doctor.php
CVSS 7.5
CVE-2020-22171
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection in Registration Endpoint
CVSS 7.5
CVE-2020-22170
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via get_doctor.php
CVSS 7.5
CVE-2020-22169
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via Appointment History
CVSS 7.5
CVE-2020-22168
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via change-emaild.php
CVSS 7.5
CVE-2020-22166
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via Forgot Password Endpoint
CVSS 7.5
CVE-2020-22165
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection in user-login.php
CVSS 7.5
CVE-2020-22164
HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection in check_availability.php
CVSS 7.5
CVE-2020-20474
HIGH
White Shark System 1.3.2 - SQL Injection via csa_to_user Parameter
CVSS 7.5
CVE-2020-20473
HIGH
White Shark System 1.3.2 - SQL Injection via Sort Parameter
CVSS 7.5
Details
Vulnerabilities
19,841
Exploit Likelihood
High