CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,842 vulnerabilities with CWE-89
CVE-2020-27246
HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27245
HIGH
OpenClinic GA <5.173.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-27244
HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27243
HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27242
HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27232
HIGH
OpenClinic GA <5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27231
HIGH
OpenClinic GA <5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27230
HIGH
OpenClinic GA 5.173.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-27229
HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27226
HIGH
OpenClinic GA <5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-19114
CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19112
CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19110
CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19109
CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19108
CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19107
CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-15153
HIGH
Ampache < 4.2.2 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2020-22807
CRITICAL
vtiger CRM 7.2 - SQL Injection via Calendar ExportData Feature
CVSS 9.8
CVE-2020-35430
CRITICAL
Inxedu v2.0.6 - SQL Injection via Admin MsgSystemController ids Parameter
CVSS 9.8
CVE-2020-22781
HIGH
Etherpad < 1.8.3 - Denial of Service via Unhandled Exception in Cache Mechanism
CVSS 7.5
CVE-2020-18020
CRITICAL
PHPSHE Mall System <1.7 - SQL Injection
CVSS 9.8
CVE-2020-18019
HIGH
Xinhu OA System <1.8.3 - SQL Injection
CVSS 7.5
CVE-2020-27241
CRITICAL
OpenClinic GA <5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-27240
CRITICAL
OpenClinic GA 5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-36195
CRITICAL
QNAP QTS - SQL Injection via Multimedia Console or Media Streaming Add-on
CVSS 9.8
Details
Vulnerabilities
19,842
Exploit Likelihood
High