CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,842 vulnerabilities with CWE-89
CVE-2020-35245
CRITICAL
Flamingo < 2020-09-29 - SQL Injection in UserManager::addUser
CVSS 9.8
CVE-2020-35244
CRITICAL
Flamingo < 2020-09-29 - SQL Injection via UserManager::addGroup
CVSS 9.8
CVE-2020-35243
CRITICAL
Flamingo < 2020-09-29 - SQL Injection via UserManager::updateUserInfoInDb
CVSS 9.8
CVE-2020-35242
CRITICAL
Flamingo < 2020-09-29 - SQL Injection via UserManager::updateUserTeamInfoInDbAndMemory
CVSS 9.8
CVE-2020-35708
HIGH
phplist 3.5.9 - Authenticated SQL Injection via Config Import Administrators
CVSS 7.2
CVE-2020-29474
CRITICAL
EGavilan Media EGM Address Book 1.0 - SQL Injection
CVSS 9.8
CVE-2020-29472
CRITICAL
EGavilan Media Under Construction page with cPanel 1.0 - SQL Injection
CVSS 9.8
CVE-2020-35666
HIGH
Steedos Platform < 1.21.24 - NoSQL Injection via X-User-Id Parameter
CVSS 8.8
CVE-2020-28074
CRITICAL
SourceCodester Online Health Care System 1.0 - SQL Injection
CVSS 9.8
CVE-2020-28073
CRITICAL
Library Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2020-28070
CRITICAL
SourceCodester Alumni Management System 1.0 - SQL Injection via view_event.php id Parameter
CVSS 9.8
CVE-2020-13968
CRITICAL
CRK Business Platform <= 2019.1 - SQL Injection via strSessao Parameter
CVSS 9.8
CVE-2020-24673
CRITICAL
S+ Operations/S+ Historian - SQL Injection
CVSS 9.8
CVE-2020-35151
HIGH
Online Marriage Registration System 1.0 - SQL Injection
CVSS 8.8
CVE-2020-11717
CRITICAL
bilanc < 014_31.01.2020 - SQL Injection
CVSS 9.8
CVE-2020-21378
CRITICAL
SeaCMS 10.1 - SQL Injection via admin_members_group.php id Parameter
CVSS 9.8
CVE-2020-21377
CRITICAL
yunyecms V2.0.1 - SQL Injection via selcart Parameter
CVSS 9.8
CVE-2020-35276
CRITICAL
EgavilanMedia ECM Address Book 1.0 - SQL Injection via Admin Login Panel Bypass
CVSS 9.8
CVE-2020-20300
CRITICAL
WeiPHP 5.0 - SQL Injection via wp_where Function
CVSS 9.8
CVE-2020-25608
HIGH
Mitel MiCollab < 9.2 - SQL Injection via SAS Portal
CVSS 7.2
CVE-2020-35545
CRITICAL
Spotweb 1.4.9 - Time-based SQL Injection via Query String
CVSS 9.8
CVE-2020-35122
HIGH
Keysight Database Connector <1.5.0 - Privilege Escalation
CVSS 7.5
CVE-2020-20189
CRITICAL
newpk 1.1 - SQL Injection via Title Parameter
CVSS 9.8
CVE-2020-28860
HIGH
OpenAsset Digital Asset Management <= 12.0.19 - Authenticated Blind SQL Injection
CVSS 8.8
CVE-2020-16104
HIGH
Gallagher Command Centre < 7.90.0 - Authenticated SQL Injection via Enterprise Data Interface
CVSS 8.2
Details
Vulnerabilities
19,842
Exploit Likelihood
High