CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,842 vulnerabilities with CWE-89
CVE-2020-27246 HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27245 HIGH
OpenClinic GA <5.173.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-27244 HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27243 HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27242 HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27232 HIGH
OpenClinic GA <5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27231 HIGH
OpenClinic GA <5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27230 HIGH
OpenClinic GA 5.173.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-27229 HIGH
OpenClinic GA 5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-27226 HIGH
OpenClinic GA <5.173.3 - SQL Injection
CVSS 8.8
CVE-2020-19114 CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19112 CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19110 CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19109 CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19108 CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-19107 CRITICAL
Online Book Store v1.0 - SQL Injection
CVSS 9.8
CVE-2020-15153 HIGH
Ampache < 4.2.2 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2020-22807 CRITICAL
vtiger CRM 7.2 - SQL Injection via Calendar ExportData Feature
CVSS 9.8
CVE-2020-35430 CRITICAL
Inxedu v2.0.6 - SQL Injection via Admin MsgSystemController ids Parameter
CVSS 9.8
CVE-2020-22781 HIGH
Etherpad < 1.8.3 - Denial of Service via Unhandled Exception in Cache Mechanism
CVSS 7.5
CVE-2020-18020 CRITICAL
PHPSHE Mall System <1.7 - SQL Injection
CVSS 9.8
CVE-2020-18019 HIGH
Xinhu OA System <1.8.3 - SQL Injection
CVSS 7.5
CVE-2020-27241 CRITICAL
OpenClinic GA <5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-27240 CRITICAL
OpenClinic GA 5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-36195 CRITICAL
QNAP QTS - SQL Injection via Multimedia Console or Media Streaming Add-on
CVSS 9.8
Details
Vulnerabilities 19,842
Exploit Likelihood High