CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,842 vulnerabilities with CWE-89
CVE-2020-20473
HIGH
White Shark System 1.3.2 - SQL Injection via Sort Parameter
CVSS 7.5
CVE-2020-20469
HIGH
White Shark System 1.3.2 - SQL Injection via log_edit.php csa_to_user Parameter
CVSS 7.5
CVE-2020-22212
CRITICAL
74cms 3.2.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2020-22211
CRITICAL
74cms 3.2.0 - SQL Injection via key Parameter to plus/ajax_street.php
CVSS 9.8
CVE-2020-22210
CRITICAL
74cms 3.2.0 - SQL Injection via ajax_officebuilding.php x Parameter
CVSS 9.8
CVE-2020-22209
CRITICAL
74cms 3.2.0 - SQL Injection via plus/ajax_common.php Query Parameter
CVSS 9.8
CVE-2020-22208
CRITICAL
74cms 3.2.0 - SQL Injection via plus/ajax_street.php x Parameter
CVSS 9.8
CVE-2020-22206
CRITICAL
ECShop 3.0 - SQL Injection via aid Parameter
CVSS 9.8
CVE-2020-22205
CRITICAL
ECShop 3.0 - SQL Injection via id Parameter to admin/shophelp.php
CVSS 9.8
CVE-2020-22204
CRITICAL
ECShop 2.7.6 - SQL Injection via goods_number Parameter
CVSS 9.8
CVE-2020-22203
CRITICAL
phpcms 2008 sp4 - SQL Injection via Genre Parameter
CVSS 9.8
CVE-2020-22199
CRITICAL
phpCMS 2007 SP6 build 0805 - SQL Injection via digg_mod Parameter
CVSS 9.8
CVE-2020-22198
CRITICAL
dedecms 5.7 - SQL Injection via mdescription Parameter
CVSS 9.8
CVE-2020-29214
CRITICAL
SourceCodester Alumni Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2020-24671
HIGH
Trace Financial CRESTBridge <6.3.0.02 - SQL Injection
CVSS 8.8
CVE-2020-24667
HIGH
Trace Financial CRESTBridge <6.3.0.02 - SQL Injection
CVSS 8.8
CVE-2020-36004
MEDIUM
AppCMS 2.0.101 - SQL Injection via /admin/download_frame.php
CVSS 6.5
CVE-2020-35441
CRITICAL
FDCMS 4.0 - SQL Injection via Admin/Lib/Action/FloginAction.class.php
CVSS 9.8
CVE-2020-25362
HIGH
Online Shopping Alphaware 1.0 - SQL Injection via id Parameter in details.php
CVSS 7.5
CVE-2020-24862
HIGH
Pharmacy Medical Store and Sale Point 1.0 - Time-Based Blind SQL Injection via catID Parameter
CVSS 7.5
CVE-2020-26668
HIGH
BigTree CMS <4.4.10 - SQL Injection
CVSS 8.8
CVE-2020-26677
HIGH
vFairs 3.3 - Authenticated SQL Injection via API
CVSS 8.8
CVE-2020-4990
HIGH
IBM Security Guardium 11.2 - SQL Injection
CVSS 8.8
CVE-2020-25409
CRITICAL
College Management System Php 1.0 - SQL Injection
CVSS 9.8
CVE-2020-13873
CRITICAL
Codoforum < 4.9 - Unauthenticated SQL Injection via get_topic_info()
CVSS 9.8
Details
Vulnerabilities
19,842
Exploit Likelihood
High