CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,843 vulnerabilities with CWE-89
CVE-2020-15487 CRITICAL
Re:Desk 2.3 - Unauthenticated SQL Injection via Folder Parameter
CVSS 9.8
CVE-2020-25147 CRITICAL
Observium 20.8.10631 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2020-25143 HIGH
Observium 20.8.10631 - SQL Injection via device_entities.php entity_type Parameter
CVSS 8.8
CVE-2020-19455 HIGH
jdownloads 3.2.63 - SQL Injection via filter_order Parameter
CVSS 7.5
CVE-2020-25132 CRITICAL
Observium 20.8.10631 - Unauthenticated SQL Injection via Cookie Header
CVSS 9.8
CVE-2020-19451 HIGH
jdownloads 3.2.63 - SQL Injection via X-Forwarded-For Header
CVSS 7.5
CVE-2020-19450 HIGH
jdownloads 3.2.63 - SQL Injection via getUserLimits List Parameter
CVSS 7.5
CVE-2020-25130 MEDIUM
Observium 20.8.10631 - Authenticated SQL Injection via ajax/actions.php group_id Parameter
CVSS 6.5
CVE-2020-15394 CRITICAL
Zoho ManageEngine Applications Manager <build 14740 - RCE
CVSS 9.8
CVE-2020-24593 HIGH
Mitel MiCloud Management Portal <6.1 SP5 - SQL Injection
CVSS 7.2
CVE-2020-15160 CRITICAL
PrestaShop <1.7.6.8 - Blind SQL Injection
CVSS 9.8
CVE-2020-19447 HIGH
jdownloads 3.2.63 - SQL Injection via f_marked_files_id Parameter
CVSS 7.5
CVE-2020-13505 CRITICAL
AVEVA EDNA Enterprise Data Historian - Unauthenticated SQL Injection via psClass Parameter
CVSS 9.8
CVE-2020-13504 CRITICAL
AVEVA EDNA Enterprise Data Historian - Unauthenticated SQL Injection via AttFilterValue Parameter
CVSS 9.8
CVE-2020-13501 CRITICAL
eDNA Enterprise Data Historian <3.0.1.2/7.5.4989.33053 - SQL Injection
CVSS 9.8
CVE-2020-13500 CRITICAL
eDNA Enterprise Data Historian <3.0.1.2/7.5.4989.33053 - SQL Injection
CVSS 9.8
CVE-2020-13499 CRITICAL
eDNA Enterprise Data Historian <3.0.1.2/7.5.4989.33053 - SQL Injection
CVSS 9.8
CVE-2020-25514 HIGH
Simple Library Management System 1.0 - Incorrect Access Control via Login Panel
CVSS 8.4
CVE-2020-25487 HIGH
PHPGURUKUL Zoo Management System 1.0 - SQL Injection via animal-detail.php
CVSS 7.8
CVE-2020-8887 HIGH
Telestream Tektronix Medius <10.7.5 & Sentry <10.7.5 - SQL Injection
CVSS 7.5
CVE-2020-24623 MEDIUM
Hewlett Packard Enterprise Universal API Framework - SQL Injection
CVSS 6.5
CVE-2020-25751 HIGH
pago_commerce 2.5.9.0 - Authenticated SQL Injection via filter_published Parameter
CVSS 8.8
CVE-2020-0352 MEDIUM
Android 11 - SQL Injection in MediaProvider
CVSS 5.5
CVE-2020-0344 MEDIUM
Android 11 - SQL Injection in MediaProvider
CVSS 5.5
CVE-2020-25727 HIGH
Reset Password Add-on < 1.2.0 for Alfresco - SQL Injection via Email Input Field
CVSS 7.5
Details
Vulnerabilities 19,843
Exploit Likelihood High