CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,843 vulnerabilities with CWE-89
CVE-2020-5651 HIGH
Simple Download Monitor <3.8.8 - SQL Injection
CVSS 8.8
CVE-2020-25157 HIGH
R-SeeNet 1.5.1-2.4.10 - SQL Injection
CVSS 7.5
CVE-2020-9417 HIGH
TIBCO Foresight Transaction Insight Reporting Component <= 5.1.0 - Authenticated SQL Injection
CVSS 7.6
CVE-2020-26944 CRITICAL
Aptean Product Configurator <4.61.0000 - SQL Injection
CVSS 9.8
CVE-2020-15792 MEDIUM
Desigo Insight - Authenticated SQL Injection via Query Parameter
CVSS 4.3
CVE-2020-7383 MEDIUM
Rapid7 Nexpose < 6.6.49 - Authenticated SQL Injection
CVSS 6.5
CVE-2020-26546 HIGH
HelpDeskZ 1.0.2 - SQL Injection via RememberMe Auto-Login Feature
CVSS 7.5
CVE-2020-26935 CRITICAL
phpMyAdmin <4.9.6, <5.0.3 - SQL Injection
CVSS 9.8
CVE-2020-25273 CRITICAL
Online Bus Booking System 1.0 - Authentication Bypass via SQL Injection in Admin Login
CVSS 9.8
CVE-2020-15226 MEDIUM
GLPI < 9.5.2 - Authenticated SQL Injection via API Search Function
CVSS 5.0
CVE-2020-15176 HIGH
GLPI < 9.5.2 - SQL Injection via Backtick Input
CVSS 8.7
CVE-2020-16267 HIGH
Zoho ManageEngine Applications Manager <= 14740 - Authenticated SQL Injection via RCA Module
CVSS 8.8
CVE-2020-15927 HIGH
ManageEngine Applications Manager <= 14740 - Authenticated SQL Injection via SAP Module JSP Request
CVSS 8.8
CVE-2020-26525 CRITICAL
Damstra Smart Asset <2020.7 - SQL Injection
CVSS 9.1
CVE-2020-24568 MEDIUM
mymbCONNECT24 <2.6.1 - SQL Injection
CVSS 6.5
CVE-2020-26518 CRITICAL
Artica Pandora FMS <743 - SQL Injection
CVSS 9.8
CVE-2020-15533 CRITICAL
Zoho ManageEngine Application Manager < 14.6 - Unauthenticated SQL Injection in AlarmEscalation Module
CVSS 9.8
CVE-2020-25990 CRITICAL
WebsiteBaker 2.12.2 - SQL Injection via Display Name Parameter
CVSS 9.8
CVE-2020-12870 CRITICAL
RainbowFish PacsOne Server 6.8.4 - SQL Injection
CVSS 9.8
CVE-2020-15849 HIGH
Re:Desk 2.3 - Authenticated SQL Injection in SettingsController
CVSS 7.2
CVE-2020-26042 CRITICAL
Hoosk CMS 1.8.0 - SQL Injection via install/index.php
CVSS 9.8
CVE-2020-25762 CRITICAL
Seat Reservation System 1.0 - SQL Injection via admin_class.php Login Parameters
CVSS 9.1
CVE-2020-25760 HIGH
Projectworlds Visitor Management System in PHP 1.0 - SQL Injection via 'rid' Parameter
CVSS 8.8
CVE-2020-24569 MEDIUM
mymbCONNECT24 <2.6.1 - SQL Injection
CVSS 4.3
CVE-2020-20800 CRITICAL
MetInfo 7.0.0 beta - SQL Injection via install/index.php URI
CVSS 9.8
Details
Vulnerabilities 19,843
Exploit Likelihood High