CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,842 vulnerabilities with CWE-89
CVE-2020-36002
HIGH
seat-reservation-system 1.0 - SQL Injection via index.php id Parameter
CVSS 7.5
CVE-2020-24841
CRITICAL
PNPSCADA 2.200816204020 - SQL Injection via 'interf' Parameter in browse.jsp
CVSS 9.8
CVE-2020-29143
HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via form_code Parameter
CVSS 7.2
CVE-2020-29140
HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via Immunization Report form_code Parameter
CVSS 7.2
CVE-2020-29139
HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via searchFields Parameter
CVSS 7.2
CVE-2020-29142
HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via schedule_facility Parameter
CVSS 7.2
CVE-2020-22425
HIGH
Centreon 19.10-3.el7 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-27869
HIGH
SolarWinds Network Performance Monitor 2020 HF1, 2020.2 - Authenticated SQL Injection via WriteToFile Method
CVSS 8.8
CVE-2020-18215
HIGH
PHPSHE 1.7 - SQL Injection via ad_id, menu_id, or cashout_id Parameters
CVSS 8.8
CVE-2020-16629
CRITICAL
PhpOK 5.4.137 - SQL Injection via Attachment Data
CVSS 9.8
CVE-2020-26051
CRITICAL
College Management System Php 1.0 - SQL Injection via Unfiltered POST Parameters
CVSS 9.8
CVE-2020-35700
HIGH
LibreNMS < 21.1.0 - Authenticated SQL Injection via Top Devices Widget sort_order Parameter
CVSS 8.8
CVE-2020-35765
HIGH
ManageEngine Applications Manager <= 14930 - Authenticated SQL Injection via showresource.do resourceid Parameter
CVSS 8.8
CVE-2020-18717
CRITICAL
ZZZCMS zzzphp <1.7.1 - SQL Injection
CVSS 9.8
CVE-2020-18716
CRITICAL
Rockoa 1.8.7 - SQL Injection via wordAction.php Parameter
CVSS 9.8
CVE-2020-18714
CRITICAL
Rockoa 1.8.7 - SQL Injection via wordModel.php getdata Function
CVSS 9.8
CVE-2020-18713
CRITICAL
Rockoa 1.8.7 - SQL Injection via customerAction.php Parameter
CVSS 9.8
CVE-2020-29163
HIGH
PacsOne Server < 7.1.1 - SQL Injection
CVSS 8.8
CVE-2020-21180
CRITICAL
koa2-blog 1.0.0 - SQL Injection via Signup Name Parameter
CVSS 9.8
CVE-2020-21179
CRITICAL
koa2-blog 1.0.0 - SQL Injection via Signin Page Name Parameter
CVSS 9.8
CVE-2020-21176
CRITICAL
ThinkJS 3.2.10 - SQL Injection via model.increment and model.decrement step parameter
CVSS 9.8
CVE-2020-20296
CRITICAL
cmswing 1.3.8 - SQL Injection via Recharge Action
CVSS 9.8
CVE-2020-20295
CRITICAL
cmswing 1.3.8 - SQL Injection via updateAction detail parameter
CVSS 9.8
CVE-2020-20294
CRITICAL
cmswing 1.3.8 - SQL Injection via Log Parameter
CVSS 9.8
CVE-2020-20289
CRITICAL
yccms 3.3 - SQL Injection via no_top Function Request Parameter
CVSS 9.8
Details
Vulnerabilities
19,842
Exploit Likelihood
High