CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,843 vulnerabilities with CWE-89
CVE-2020-23833 CRITICAL
Projectworlds House Rental v1.0 - SQL Injection
CVSS 9.8
CVE-2020-25379 HIGH
Recall Products 0.8 - Authenticated SQL Injection via Manufacturer Parameter
CVSS 8.8
CVE-2020-25254 CRITICAL
Hyland OnBase < 16.0.2.83 - SQL Injection via TestConnection_LocalOrLinkedServer
CVSS 9.8
CVE-2020-25253 CRITICAL
Hyland OnBase SQL Injection via TableName/ColumnName/Name/UserId/Password Parameter
CVSS 9.8
CVE-2020-13127 HIGH
Loway QueueMetrics <19.04.1 - SQL Injection
CVSS 8.8
CVE-2020-24197 CRITICAL
Stock Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2020-25006 CRITICAL
heybbs 1.2 - SQL Injection via login.php Username Parameter
CVSS 9.8
CVE-2020-25005 CRITICAL
heybbs 1.2 - SQL Injection via msg.php ID Parameter
CVSS 9.8
CVE-2020-25004 CRITICAL
Heybbs v1.2 - SQL Injection via ID Parameter
CVSS 9.8
CVE-2020-24193 CRITICAL
Sourcecodetester Daily Tracker System 1.0 - SQL Injection
CVSS 9.8
CVE-2020-6140 CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via Password Reset Page
CVSS 9.8
CVE-2020-6139 CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via Username/Email Parameter in Password Reset
CVSS 9.8
CVE-2020-6138 CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via Password Reset uname Parameter
CVSS 9.8
CVE-2020-6137 CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via password_stf_email Parameter
CVSS 9.8
CVE-2020-6141 CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via Login Functionality
CVSS 9.8
CVE-2020-6136 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via DownloadWindow.php
CVSS 8.8
CVE-2020-6135 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via Validator.php
CVSS 8.8
CVE-2020-6134 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via MassDropModal.php ID Parameter
CVSS 8.8
CVE-2020-6133 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CourseMoreInfo.php ID Parameter
CVSS 8.8
CVE-2020-6132 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via ChooseCP.php ID Parameter
CVSS 8.8
CVE-2020-6128 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CoursePeriodModal.php meet_date Parameter
CVSS 8.8
CVE-2020-6127 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CoursePeriodModal.php id Parameter
CVSS 8.8
CVE-2020-6126 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CoursePeriodModal.php course_period_id Parameter
CVSS 8.8
CVE-2020-6125 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via GetSchool.php
CVSS 8.8
CVE-2020-6124 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via Email Parameter
CVSS 8.8
Details
Vulnerabilities 19,843
Exploit Likelihood High