CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,841 vulnerabilities with CWE-89
CVE-2020-18544 CRITICAL
WMS v1.0 - SQL Injection via Username Parameter in chkuser.php
CVSS 9.8
CVE-2020-21133 CRITICAL
Metinfo 7.0.0 beta - SQL Injection via member/getpassword.php
CVSS 9.8
CVE-2020-21132 CRITICAL
Metinfo 7.0.0beta - SQL Injection via index.php
CVSS 9.8
CVE-2020-21131 HIGH
MetInfo 7.0.0beta - SQL Injection via admin/?n=language&c=language_web&a=doAddLanguage
CVSS 7.2
CVE-2020-20585 HIGH
Metinfo 7.0 beta - SQL Injection via Admin Logs Endpoint
CVSS 7.5
CVE-2020-20583 HIGH
LJCMS v4.3.R60321 - SQL Injection via /question.php
CVSS 7.5
CVE-2020-4902 HIGH
IBM Datacap Navigator 9.1.7 - SQL Injection
CVSS 8.8
CVE-2020-21394 HIGH
CRMEB V2.60 and V3.1 - SQL Injection via SystemDatabackup.php tablename Parameter
CVSS 8.8
CVE-2020-23711 CRITICAL
NavigateCMS 2.9 - SQL Injection via URL Encoded GET Input Category
CVSS 9.8
CVE-2020-18667 CRITICAL
WebPort <= 1.19.1 - SQL Injection via New Connection Parameter
CVSS 9.8
CVE-2020-18662 CRITICAL
Gnuboard5 <=5.3.2.8 - SQL Injection
CVSS 9.8
CVE-2020-20392 CRITICAL
imcat 5.2 - SQL Injection via fm[auser] Parameter
CVSS 9.8
CVE-2020-22175 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via betweendates-detailsreports.php
CVSS 7.5
CVE-2020-22174 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via Book Appointment Page
CVSS 7.5
CVE-2020-22173 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via edit-profile.php
CVSS 7.5
CVE-2020-22172 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection in get_doctor.php
CVSS 7.5
CVE-2020-22171 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection in Registration Endpoint
CVSS 7.5
CVE-2020-22170 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via get_doctor.php
CVSS 7.5
CVE-2020-22169 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via Appointment History
CVSS 7.5
CVE-2020-22168 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via change-emaild.php
CVSS 7.5
CVE-2020-22166 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection via Forgot Password Endpoint
CVSS 7.5
CVE-2020-22165 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection in user-login.php
CVSS 7.5
CVE-2020-22164 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated SQL Injection in check_availability.php
CVSS 7.5
CVE-2020-20474 HIGH
White Shark System 1.3.2 - SQL Injection via csa_to_user Parameter
CVSS 7.5
CVE-2020-20473 HIGH
White Shark System 1.3.2 - SQL Injection via Sort Parameter
CVSS 7.5
Details
Vulnerabilities 19,841
Exploit Likelihood High