CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,843 vulnerabilities with CWE-89
CVE-2020-25700
MEDIUM
moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - SQL Injection via Database Module Web Services
CVSS 6.5
CVE-2020-26075
HIGH
Cisco IoT Field Network Director < 4.6.1 - Authenticated SQL Injection via REST API
CVSS 8.8
CVE-2020-28091
HIGH
cxuucms v3 - SQL Injection via search.php Keywords Parameter
CVSS 7.5
CVE-2020-28183
CRITICAL
SourceCodester Water Billing System 1.0 - SQL Injection via Username and Password Parameters
CVSS 9.8
CVE-2020-28133
CRITICAL
Simple Grocery Store Sales and Inventory System - Authentication Bypass and SQL Injection via Login
CVSS 9.8
CVE-2020-28138
CRITICAL
SourceCodester Online Clothing Store 1.0 - SQL Injection via txtUserName Parameter
CVSS 9.8
CVE-2020-21665
HIGH
fastadmin V1.0.0.20191212_beta - Authenticated SQL Injection via /admin/ajax/weigh
CVSS 7.2
CVE-2020-4655
HIGH
IBM Sterling B2B Integrator 5.2.0.0-5.2.6.5 and 6.0.0.0-6.0.3.2 - SQL Injection
CVSS 8.8
CVE-2020-4647
HIGH
IBM Sterling File Gateway 2.2.0.0-2.2.6.5 and 6.0.0.0-6.0.3.2 - SQL Injection
CVSS 8.8
CVE-2020-25952
CRITICAL
PHPGurukul User Registration & Login and User Management System 2.1 - SQL Injection
CVSS 9.8
CVE-2020-13769
HIGH
Ivanti Endpoint Manager < 2020.1 - SQL Injection via /remotecontrolauth/api/device Request
CVSS 8.8
CVE-2020-5659
HIGH
XooNIps < 3.49 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-25695
HIGH
PostgreSQL < 13.1, < 12.5, < 11.10, < 10.15, < 9.6.20, < 9.5.24 - SQL Injection via Object Creation
CVSS 8.8
CVE-2020-21667
HIGH
fastadmin-tp6 v1.0 - SQL Injection via 'table' Parameter
CVSS 7.2
CVE-2020-13877
CRITICAL
ResourceXpress Meeting Monitor 4.9 - SQL Injection
CVSS 9.8
CVE-2020-26805
HIGH
Sentrifugo 3.2 - Authenticated SQL Injection via employeeNumId Parameter
CVSS 7.2
CVE-2020-27481
CRITICAL
Good Layers LMS Plugin <= 2.1.4 - SQL Injection
CVSS 9.8
CVE-2020-24400
HIGH
Magento <2.4.0-2.3.5 - SQL Injection
CVSS 7.1
CVE-2020-28115
HIGH
audimexee < 14.1.1 - SQL Injection via Documents Component object_path Parameter
CVSS 8.8
CVE-2020-7759
MEDIUM
pimcore/pimcore <6.8.3 - SQL Injection
CVSS 6.5
CVE-2020-27886
CRITICAL
eyesofnetwork 5.3-7-5.3-8 - Unauthenticated SQL Injection via username_available Function
CVSS 9.8
CVE-2020-27995
CRITICAL
Zoho ManageEngine Applications Manager < 14560 - SQL Injection via MyPage.do template_resid Parameter
CVSS 9.8
CVE-2020-23945
HIGH
Victor CMS V1.0 - SQL Injection via cat_id Parameter
CVSS 7.5
CVE-2020-25034
MEDIUM
FireEye Email Malware Protection System < 9.0.1 - Authenticated SQL Injection via Email Search Parameters
CVSS 6.5
CVE-2020-27615
CRITICAL
WordPress <1.6.4 - SQL Injection/XSS
CVSS 9.8
Details
Vulnerabilities
19,843
Exploit Likelihood
High