CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,843 vulnerabilities with CWE-89
CVE-2020-23833
CRITICAL
Projectworlds House Rental v1.0 - SQL Injection
CVSS 9.8
CVE-2020-25379
HIGH
Recall Products 0.8 - Authenticated SQL Injection via Manufacturer Parameter
CVSS 8.8
CVE-2020-25254
CRITICAL
Hyland OnBase < 16.0.2.83 - SQL Injection via TestConnection_LocalOrLinkedServer
CVSS 9.8
CVE-2020-25253
CRITICAL
Hyland OnBase SQL Injection via TableName/ColumnName/Name/UserId/Password Parameter
CVSS 9.8
CVE-2020-13127
HIGH
Loway QueueMetrics <19.04.1 - SQL Injection
CVSS 8.8
CVE-2020-24197
CRITICAL
Stock Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2020-25006
CRITICAL
heybbs 1.2 - SQL Injection via login.php Username Parameter
CVSS 9.8
CVE-2020-25005
CRITICAL
heybbs 1.2 - SQL Injection via msg.php ID Parameter
CVSS 9.8
CVE-2020-25004
CRITICAL
Heybbs v1.2 - SQL Injection via ID Parameter
CVSS 9.8
CVE-2020-24193
CRITICAL
Sourcecodetester Daily Tracker System 1.0 - SQL Injection
CVSS 9.8
CVE-2020-6140
CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via Password Reset Page
CVSS 9.8
CVE-2020-6139
CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via Username/Email Parameter in Password Reset
CVSS 9.8
CVE-2020-6138
CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via Password Reset uname Parameter
CVSS 9.8
CVE-2020-6137
CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via password_stf_email Parameter
CVSS 9.8
CVE-2020-6141
CRITICAL
OS4Ed openSIS 7.3 - SQL Injection via Login Functionality
CVSS 9.8
CVE-2020-6136
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via DownloadWindow.php
CVSS 8.8
CVE-2020-6135
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via Validator.php
CVSS 8.8
CVE-2020-6134
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via MassDropModal.php ID Parameter
CVSS 8.8
CVE-2020-6133
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CourseMoreInfo.php ID Parameter
CVSS 8.8
CVE-2020-6132
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via ChooseCP.php ID Parameter
CVSS 8.8
CVE-2020-6128
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CoursePeriodModal.php meet_date Parameter
CVSS 8.8
CVE-2020-6127
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CoursePeriodModal.php id Parameter
CVSS 8.8
CVE-2020-6126
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CoursePeriodModal.php course_period_id Parameter
CVSS 8.8
CVE-2020-6125
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via GetSchool.php
CVSS 8.8
CVE-2020-6124
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via Email Parameter
CVSS 8.8
Details
Vulnerabilities
19,843
Exploit Likelihood
High