CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,842 vulnerabilities with CWE-89
CVE-2020-27239
CRITICAL
OpenClinic GA <5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-27238
CRITICAL
OpenClinic GA <5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-27237
CRITICAL
OpenClinic GA <5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-27236
CRITICAL
OpenClinic GA <5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-27235
CRITICAL
OpenClinic GA <5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-27234
CRITICAL
OpenClinic GA <5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-27233
CRITICAL
OpenClinic GA <5.173.3 - SQL Injection
CVSS 9.8
CVE-2020-13568
HIGH
Open-emr Openemr - SQL Injection
CVSS 8.8
CVE-2020-13566
HIGH
Open-emr Openemr - SQL Injection
CVSS 8.8
CVE-2020-23763
CRITICAL
Online Book Store 1.0 - SQL Injection
CVSS 9.8
CVE-2020-13592
HIGH
Rukovoditel 2.7.2 - Authenticated SQL Injection via Global Lists Choices Page
CVSS 8.8
CVE-2020-13591
HIGH
Rukovoditel 2.7.2 - Authenticated SQL Injection via Access Rules Rules Form Page
CVSS 8.8
CVE-2020-13587
HIGH
Rukovoditel 2.7.2 - Authenticated SQL Injection via Forms Fields Rules Page
CVSS 8.8
CVE-2020-28172
CRITICAL
Simple College Website 1.0 - Unauthenticated SQL Injection via Admin Login Endpoint
CVSS 9.8
CVE-2020-10582
CRITICAL
Invigo Automatic Device Management < 5.0 - SQL Injection via /admin/display_errors.php
CVSS 9.8
CVE-2020-35337
CRITICAL
ThinkSAAS < 3.38 - SQL Injection via Topic Title Parameter
CVSS 9.8
CVE-2020-6577
CRITICAL
IT-Recht Kanzlei Plugin for Zen Cart 1.5.6c - SQL Injection via itrk-api.php rechtstext_language Parameter
CVSS 9.8
CVE-2020-24877
CRITICAL
zzzphp 1.8.0 - SQL Injection via /form/index.php?module=getjson
CVSS 9.8
CVE-2020-24791
CRITICAL
FUEL CMS 1.4.8 - SQL Injection via fuel_replace_id Parameter
CVSS 9.8
CVE-2020-35329
MEDIUM
Courier Management System 1.0 - SQL Injection via MULTIPART street Parameter
CVSS 6.5
CVE-2020-35327
MEDIUM
Courier Management System 1.0 - SQL Injection via ref_no Parameter
CVSS 6.5
CVE-2020-24913
CRITICAL
qcubed < 3.1.1 and >=0 < 3.2 - Unauthenticated SQL Injection via profile.php strQuery Parameter
CVSS 9.8
CVE-2020-28657
CRITICAL
bPanel 2.0 - Unauthenticated SQL Injection via Administrative AJAX Endpoints
CVSS 9.8
CVE-2020-24617
HIGH
Mailtrain < 1.24.1 - SQL Injection via statsClickedSubscribersByColumn
CVSS 8.8
CVE-2020-36003
HIGH
Online Book Store 1.0 - SQL Injection via detail.php id Parameter
CVSS 7.5
Details
Vulnerabilities
19,842
Exploit Likelihood
High