CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,842 vulnerabilities with CWE-89
CVE-2020-5428
MEDIUM
Spring Cloud Task <2.2.4.RELEASE - SQL Injection
CVSS 6.0
CVE-2020-5427
HIGH
Spring Cloud Data Flow <2.6.5-2.5.4 - SQL Injection
CVSS 7.2
CVE-2020-35270
CRITICAL
Student Result Management System - SQL Injection
CVSS 9.1
CVE-2020-35263
CRITICAL
EgavilanMedia User Registration & Login System 1.0 - SQL Injection in Admin Panel
CVSS 9.8
CVE-2020-23262
CRITICAL
Ming-Soft MCMS <5.0 - SQL Injection
CVSS 9.8
CVE-2020-4921
HIGH
IBM Security Guardium 10.6 and 11.2 - SQL Injection
CVSS 8.8
CVE-2020-27733
HIGH
Zoho ManageEngine Applications Manager < 14 build 14880 - Authenticated SQL Injection via Alarmview Request
CVSS 8.8
CVE-2020-29493
CRITICAL
DELL EMC Avamar Server <19.3 - SQL Injection
CVSS 10.0
CVE-2020-29015
CRITICAL
FortiWeb < 6.2.4 and 6.3.0-6.3.7 - Unauthenticated Blind SQL Injection via Authorization Header
CVSS 9.8
CVE-2020-26712
CRITICAL
REDCap 10.3.4 - SQL Injection via ToDoList Sort Parameter
CVSS 9.8
CVE-2020-35701
HIGH
Cacti 1.2.0-1.2.16 - Authenticated SQL Injection via data_debug.php site_id Parameter
CVSS 8.8
CVE-2020-23630
HIGH
zzcms 201910 - Blind SQL Injection via Cookie
CVSS 8.8
CVE-2020-26773
HIGH
Restaurant Reservation System 1.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-29437
HIGH
OrangeHRM < 4.6.0.1 - Authenticated SQL Injection via Buzz Module Profile User ID Parameter
CVSS 8.1
CVE-2020-26045
CRITICAL
FUEL CMS 1.4.11 - SQL Injection via Name Parameter in Permissions Create Endpoint
CVSS 9.8
CVE-2020-36112
CRITICAL
CSE Bookstore 1.0 - SQL Injection via pubid Parameter
CVSS 9.8
CVE-2020-35743
HIGH
HGiga MailSherlock < 4.5-133 - SQL Injection via URL Parameter
CVSS 7.0
CVE-2020-35742
HIGH
HGiga MailSherlock < 4.5-133 - SQL Injection via URL Parameter
CVSS 7.0
CVE-2020-28413
MEDIUM
MantisBT < 2.24.4 - SQL Injection via API SOAP mc_project_get_users Parameter
CVSS 5.3
CVE-2020-29228
HIGH
EGavilanMedia User Registration and Login System With Admin Panel 1.0 - SQL Injection in User Login Page
CVSS 7.5
CVE-2020-27848
HIGH
dotcms < 20.10.1 - Authenticated SQL Injection via orderby Parameter
CVSS 8.8
CVE-2020-35848
CRITICAL
Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller New Password Function
CVSS 9.8
CVE-2020-35847
CRITICAL
Cockpit CMS NoSQLi to RCE
CVSS 9.8
CVE-2020-35846
CRITICAL
Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller Check Function
CVSS 9.8
CVE-2020-35613
CRITICAL
Joomla! 3.0.0-3.9.22 - SQL Injection in Backend User List
CVSS 9.8
Details
Vulnerabilities
19,842
Exploit Likelihood
High