CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,843 vulnerabilities with CWE-89
CVE-2020-16104 HIGH
Gallagher Command Centre < 7.90.0 - Authenticated SQL Injection via Enterprise Data Interface
CVSS 8.2
CVE-2020-35382 HIGH
classroombookings < 2.4.1 - SQL Injection via CSV Username Field
CVSS 7.2
CVE-2020-35378 CRITICAL
Online Bus Ticket Reservation 1.0 - SQL Injection via Login Username and Password Fields
CVSS 9.8
CVE-2020-19165 CRITICAL
PHPSHE 1.7 - SQL Injection via userlevel_id Parameter
CVSS 9.8
CVE-2020-29574 CRITICAL KEV
Cyberoam OS - SQL Injection
CVSS 9.8
CVE-2020-13526 HIGH
ProcessMaker 3.4.11 - SQL Injection
CVSS 8.8
CVE-2020-14207 MEDIUM
DiveBook 1.1.4 - Unauthenticated SQL Injection via divelog.php filter_diver Parameter
CVSS 5.3
CVE-2020-25889 CRITICAL
Online Bus Booking System Project Using PHP/MySQL 1.0 - SQL Injection via Login Page
CVSS 9.8
CVE-2020-26248 MEDIUM
PrestaShop productcomments <4.2.1 - SQL Injection
CVSS 6.8
CVE-2020-13525 HIGH
ProcessMaker 3.4.11 - SQL Injection
CVSS 8.8
CVE-2020-29288 CRITICAL
Gym Management System - SQL Injection
CVSS 9.8
CVE-2020-29287 CRITICAL
Car Rental Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2020-29285 CRITICAL
Point of Sales in PHP/PDO 1.0 - SQL Injection via edit_category.php id Parameter
CVSS 9.8
CVE-2020-29284 CRITICAL
Multi Restaurant Table Reservation System 1.0 - Unauthenticated SQL...
CVSS 9.8
CVE-2020-29283 CRITICAL
Online Doctor Appointment Booking System - SQL Injection
CVSS 9.8
CVE-2020-29282 CRITICAL
BloodX 1.0 - SQL Injection
CVSS 9.8
CVE-2020-29280 CRITICAL
Victor CMS 1.0 - SQL Injection via Search Parameter
CVSS 9.8
CVE-2020-25638 HIGH
hibernate-core < 5.4.24.Final - SQL Injection via JPA Criteria API Literal Handling
CVSS 7.4
CVE-2020-6880 CRITICAL
ZTE ZXV10 W908 Firmware < mips_a_1022ipv6r3t6p7y20 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2020-27660 CRITICAL
Synology SafeAccess <1.2.3-0234 - SQL Injection
CVSS 9.6
CVE-2020-28994 CRITICAL
Karenderia Multiple Restaurant System < 5.4.2 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2020-4003 MEDIUM
VMware SD-WAN Orchestrator 3.3.2-3.4.x < 3.4.4 and 4.0.x < 4.0.1 - Authenticated SQL Injection
CVSS 6.5
CVE-2020-3984 MEDIUM
VMware SD-WAN Orchestrator 3.3.2-3.4.3 - Authenticated SQL Injection
CVSS 6.5
CVE-2020-25475 CRITICAL
News Script PHP Pro 2.3 - SQL Injection via id Parameter in editNews Action
CVSS 9.8
CVE-2020-25839 CRITICAL
NetIQ Identity Manager < 4.8 SP2 HF1 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,843
Exploit Likelihood High