CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,842 vulnerabilities with CWE-89
CVE-2020-20473 HIGH
White Shark System 1.3.2 - SQL Injection via Sort Parameter
CVSS 7.5
CVE-2020-20469 HIGH
White Shark System 1.3.2 - SQL Injection via log_edit.php csa_to_user Parameter
CVSS 7.5
CVE-2020-22212 CRITICAL
74cms 3.2.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2020-22211 CRITICAL
74cms 3.2.0 - SQL Injection via key Parameter to plus/ajax_street.php
CVSS 9.8
CVE-2020-22210 CRITICAL
74cms 3.2.0 - SQL Injection via ajax_officebuilding.php x Parameter
CVSS 9.8
CVE-2020-22209 CRITICAL
74cms 3.2.0 - SQL Injection via plus/ajax_common.php Query Parameter
CVSS 9.8
CVE-2020-22208 CRITICAL
74cms 3.2.0 - SQL Injection via plus/ajax_street.php x Parameter
CVSS 9.8
CVE-2020-22206 CRITICAL
ECShop 3.0 - SQL Injection via aid Parameter
CVSS 9.8
CVE-2020-22205 CRITICAL
ECShop 3.0 - SQL Injection via id Parameter to admin/shophelp.php
CVSS 9.8
CVE-2020-22204 CRITICAL
ECShop 2.7.6 - SQL Injection via goods_number Parameter
CVSS 9.8
CVE-2020-22203 CRITICAL
phpcms 2008 sp4 - SQL Injection via Genre Parameter
CVSS 9.8
CVE-2020-22199 CRITICAL
phpCMS 2007 SP6 build 0805 - SQL Injection via digg_mod Parameter
CVSS 9.8
CVE-2020-22198 CRITICAL
dedecms 5.7 - SQL Injection via mdescription Parameter
CVSS 9.8
CVE-2020-29214 CRITICAL
SourceCodester Alumni Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2020-24671 HIGH
Trace Financial CRESTBridge <6.3.0.02 - SQL Injection
CVSS 8.8
CVE-2020-24667 HIGH
Trace Financial CRESTBridge <6.3.0.02 - SQL Injection
CVSS 8.8
CVE-2020-36004 MEDIUM
AppCMS 2.0.101 - SQL Injection via /admin/download_frame.php
CVSS 6.5
CVE-2020-35441 CRITICAL
FDCMS 4.0 - SQL Injection via Admin/Lib/Action/FloginAction.class.php
CVSS 9.8
CVE-2020-25362 HIGH
Online Shopping Alphaware 1.0 - SQL Injection via id Parameter in details.php
CVSS 7.5
CVE-2020-24862 HIGH
Pharmacy Medical Store and Sale Point 1.0 - Time-Based Blind SQL Injection via catID Parameter
CVSS 7.5
CVE-2020-26668 HIGH
BigTree CMS <4.4.10 - SQL Injection
CVSS 8.8
CVE-2020-26677 HIGH
vFairs 3.3 - Authenticated SQL Injection via API
CVSS 8.8
CVE-2020-4990 HIGH
IBM Security Guardium 11.2 - SQL Injection
CVSS 8.8
CVE-2020-25409 CRITICAL
College Management System Php 1.0 - SQL Injection
CVSS 9.8
CVE-2020-13873 CRITICAL
Codoforum < 4.9 - Unauthenticated SQL Injection via get_topic_info()
CVSS 9.8
Details
Vulnerabilities 19,842
Exploit Likelihood High