CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,843 vulnerabilities with CWE-89
CVE-2020-15487
CRITICAL
Re:Desk 2.3 - Unauthenticated SQL Injection via Folder Parameter
CVSS 9.8
CVE-2020-25147
CRITICAL
Observium 20.8.10631 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2020-25143
HIGH
Observium 20.8.10631 - SQL Injection via device_entities.php entity_type Parameter
CVSS 8.8
CVE-2020-19455
HIGH
jdownloads 3.2.63 - SQL Injection via filter_order Parameter
CVSS 7.5
CVE-2020-25132
CRITICAL
Observium 20.8.10631 - Unauthenticated SQL Injection via Cookie Header
CVSS 9.8
CVE-2020-19451
HIGH
jdownloads 3.2.63 - SQL Injection via X-Forwarded-For Header
CVSS 7.5
CVE-2020-19450
HIGH
jdownloads 3.2.63 - SQL Injection via getUserLimits List Parameter
CVSS 7.5
CVE-2020-25130
MEDIUM
Observium 20.8.10631 - Authenticated SQL Injection via ajax/actions.php group_id Parameter
CVSS 6.5
CVE-2020-15394
CRITICAL
Zoho ManageEngine Applications Manager <build 14740 - RCE
CVSS 9.8
CVE-2020-24593
HIGH
Mitel MiCloud Management Portal <6.1 SP5 - SQL Injection
CVSS 7.2
CVE-2020-15160
CRITICAL
PrestaShop <1.7.6.8 - Blind SQL Injection
CVSS 9.8
CVE-2020-19447
HIGH
jdownloads 3.2.63 - SQL Injection via f_marked_files_id Parameter
CVSS 7.5
CVE-2020-13505
CRITICAL
AVEVA EDNA Enterprise Data Historian - Unauthenticated SQL Injection via psClass Parameter
CVSS 9.8
CVE-2020-13504
CRITICAL
AVEVA EDNA Enterprise Data Historian - Unauthenticated SQL Injection via AttFilterValue Parameter
CVSS 9.8
CVE-2020-13501
CRITICAL
eDNA Enterprise Data Historian <3.0.1.2/7.5.4989.33053 - SQL Injection
CVSS 9.8
CVE-2020-13500
CRITICAL
eDNA Enterprise Data Historian <3.0.1.2/7.5.4989.33053 - SQL Injection
CVSS 9.8
CVE-2020-13499
CRITICAL
eDNA Enterprise Data Historian <3.0.1.2/7.5.4989.33053 - SQL Injection
CVSS 9.8
CVE-2020-25514
HIGH
Simple Library Management System 1.0 - Incorrect Access Control via Login Panel
CVSS 8.4
CVE-2020-25487
HIGH
PHPGURUKUL Zoo Management System 1.0 - SQL Injection via animal-detail.php
CVSS 7.8
CVE-2020-8887
HIGH
Telestream Tektronix Medius <10.7.5 & Sentry <10.7.5 - SQL Injection
CVSS 7.5
CVE-2020-24623
MEDIUM
Hewlett Packard Enterprise Universal API Framework - SQL Injection
CVSS 6.5
CVE-2020-25751
HIGH
pago_commerce 2.5.9.0 - Authenticated SQL Injection via filter_published Parameter
CVSS 8.8
CVE-2020-0352
MEDIUM
Android 11 - SQL Injection in MediaProvider
CVSS 5.5
CVE-2020-0344
MEDIUM
Android 11 - SQL Injection in MediaProvider
CVSS 5.5
CVE-2020-25727
HIGH
Reset Password Add-on < 1.2.0 for Alfresco - SQL Injection via Email Input Field
CVSS 7.5
Details
Vulnerabilities
19,843
Exploit Likelihood
High