CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,843 vulnerabilities with CWE-89
CVE-2020-5651
HIGH
Simple Download Monitor <3.8.8 - SQL Injection
CVSS 8.8
CVE-2020-25157
HIGH
R-SeeNet 1.5.1-2.4.10 - SQL Injection
CVSS 7.5
CVE-2020-9417
HIGH
TIBCO Foresight Transaction Insight Reporting Component <= 5.1.0 - Authenticated SQL Injection
CVSS 7.6
CVE-2020-26944
CRITICAL
Aptean Product Configurator <4.61.0000 - SQL Injection
CVSS 9.8
CVE-2020-15792
MEDIUM
Desigo Insight - Authenticated SQL Injection via Query Parameter
CVSS 4.3
CVE-2020-7383
MEDIUM
Rapid7 Nexpose < 6.6.49 - Authenticated SQL Injection
CVSS 6.5
CVE-2020-26546
HIGH
HelpDeskZ 1.0.2 - SQL Injection via RememberMe Auto-Login Feature
CVSS 7.5
CVE-2020-26935
CRITICAL
phpMyAdmin <4.9.6, <5.0.3 - SQL Injection
CVSS 9.8
CVE-2020-25273
CRITICAL
Online Bus Booking System 1.0 - Authentication Bypass via SQL Injection in Admin Login
CVSS 9.8
CVE-2020-15226
MEDIUM
GLPI < 9.5.2 - Authenticated SQL Injection via API Search Function
CVSS 5.0
CVE-2020-15176
HIGH
GLPI < 9.5.2 - SQL Injection via Backtick Input
CVSS 8.7
CVE-2020-16267
HIGH
Zoho ManageEngine Applications Manager <= 14740 - Authenticated SQL Injection via RCA Module
CVSS 8.8
CVE-2020-15927
HIGH
ManageEngine Applications Manager <= 14740 - Authenticated SQL Injection via SAP Module JSP Request
CVSS 8.8
CVE-2020-26525
CRITICAL
Damstra Smart Asset <2020.7 - SQL Injection
CVSS 9.1
CVE-2020-24568
MEDIUM
mymbCONNECT24 <2.6.1 - SQL Injection
CVSS 6.5
CVE-2020-26518
CRITICAL
Artica Pandora FMS <743 - SQL Injection
CVSS 9.8
CVE-2020-15533
CRITICAL
Zoho ManageEngine Application Manager < 14.6 - Unauthenticated SQL Injection in AlarmEscalation Module
CVSS 9.8
CVE-2020-25990
CRITICAL
WebsiteBaker 2.12.2 - SQL Injection via Display Name Parameter
CVSS 9.8
CVE-2020-12870
CRITICAL
RainbowFish PacsOne Server 6.8.4 - SQL Injection
CVSS 9.8
CVE-2020-15849
HIGH
Re:Desk 2.3 - Authenticated SQL Injection in SettingsController
CVSS 7.2
CVE-2020-26042
CRITICAL
Hoosk CMS 1.8.0 - SQL Injection via install/index.php
CVSS 9.8
CVE-2020-25762
CRITICAL
Seat Reservation System 1.0 - SQL Injection via admin_class.php Login Parameters
CVSS 9.1
CVE-2020-25760
HIGH
Projectworlds Visitor Management System in PHP 1.0 - SQL Injection via 'rid' Parameter
CVSS 8.8
CVE-2020-24569
MEDIUM
mymbCONNECT24 <2.6.1 - SQL Injection
CVSS 4.3
CVE-2020-20800
CRITICAL
MetInfo 7.0.0 beta - SQL Injection via install/index.php URI
CVSS 9.8
Details
Vulnerabilities
19,843
Exploit Likelihood
High