CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,842 vulnerabilities with CWE-89
CVE-2020-36002 HIGH
seat-reservation-system 1.0 - SQL Injection via index.php id Parameter
CVSS 7.5
CVE-2020-24841 CRITICAL
PNPSCADA 2.200816204020 - SQL Injection via 'interf' Parameter in browse.jsp
CVSS 9.8
CVE-2020-29143 HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via form_code Parameter
CVSS 7.2
CVE-2020-29140 HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via Immunization Report form_code Parameter
CVSS 7.2
CVE-2020-29139 HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via searchFields Parameter
CVSS 7.2
CVE-2020-29142 HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via schedule_facility Parameter
CVSS 7.2
CVE-2020-22425 HIGH
Centreon 19.10-3.el7 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-27869 HIGH
SolarWinds Network Performance Monitor 2020 HF1, 2020.2 - Authenticated SQL Injection via WriteToFile Method
CVSS 8.8
CVE-2020-18215 HIGH
PHPSHE 1.7 - SQL Injection via ad_id, menu_id, or cashout_id Parameters
CVSS 8.8
CVE-2020-16629 CRITICAL
PhpOK 5.4.137 - SQL Injection via Attachment Data
CVSS 9.8
CVE-2020-26051 CRITICAL
College Management System Php 1.0 - SQL Injection via Unfiltered POST Parameters
CVSS 9.8
CVE-2020-35700 HIGH
LibreNMS < 21.1.0 - Authenticated SQL Injection via Top Devices Widget sort_order Parameter
CVSS 8.8
CVE-2020-35765 HIGH
ManageEngine Applications Manager <= 14930 - Authenticated SQL Injection via showresource.do resourceid Parameter
CVSS 8.8
CVE-2020-18717 CRITICAL
ZZZCMS zzzphp <1.7.1 - SQL Injection
CVSS 9.8
CVE-2020-18716 CRITICAL
Rockoa 1.8.7 - SQL Injection via wordAction.php Parameter
CVSS 9.8
CVE-2020-18714 CRITICAL
Rockoa 1.8.7 - SQL Injection via wordModel.php getdata Function
CVSS 9.8
CVE-2020-18713 CRITICAL
Rockoa 1.8.7 - SQL Injection via customerAction.php Parameter
CVSS 9.8
CVE-2020-29163 HIGH
PacsOne Server < 7.1.1 - SQL Injection
CVSS 8.8
CVE-2020-21180 CRITICAL
koa2-blog 1.0.0 - SQL Injection via Signup Name Parameter
CVSS 9.8
CVE-2020-21179 CRITICAL
koa2-blog 1.0.0 - SQL Injection via Signin Page Name Parameter
CVSS 9.8
CVE-2020-21176 CRITICAL
ThinkJS 3.2.10 - SQL Injection via model.increment and model.decrement step parameter
CVSS 9.8
CVE-2020-20296 CRITICAL
cmswing 1.3.8 - SQL Injection via Recharge Action
CVSS 9.8
CVE-2020-20295 CRITICAL
cmswing 1.3.8 - SQL Injection via updateAction detail parameter
CVSS 9.8
CVE-2020-20294 CRITICAL
cmswing 1.3.8 - SQL Injection via Log Parameter
CVSS 9.8
CVE-2020-20289 CRITICAL
yccms 3.3 - SQL Injection via no_top Function Request Parameter
CVSS 9.8
Details
Vulnerabilities 19,842
Exploit Likelihood High