CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,843 vulnerabilities with CWE-89
CVE-2020-6131 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via course_period_id Parameter
CVSS 8.8
CVE-2020-6130 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via course_period_id Parameter
CVSS 8.8
CVE-2020-6129 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via course_period_id Parameter
CVSS 8.8
CVE-2020-6123 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via Email Parameter
CVSS 8.8
CVE-2020-6122 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php mn Parameter
CVSS 8.8
CVE-2020-6121 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php ln Parameter
CVSS 8.8
CVE-2020-6120 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php fn Parameter
CVSS 8.8
CVE-2020-6119 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php byear Parameter
CVSS 8.8
CVE-2020-6118 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php bmonth Parameter
CVSS 8.8
CVE-2020-6117 HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php bday Parameter
CVSS 8.8
CVE-2020-20625 HIGH
Sliced Invoices <= 3.8.2 - Authenticated SQL Injection via core/class-sliced.php
CVSS 7.5
CVE-2020-5624 CRITICAL
XooNIps < 3.48 - SQL Injection
CVSS 9.8
CVE-2020-23979 CRITICAL
13enforme CMS 1.0 - SQL Injection via Content.php ID Parameter
CVSS 9.8
CVE-2020-23978 CRITICAL
Soluzione Globale Ecommerce CMS v1 - SQL Injection
CVSS 9.8
CVE-2020-23976 CRITICAL
Webexcels Ecommerce CMS - SQL Injection
CVSS 9.8
CVE-2020-23973 CRITICAL
KandNconcepts Club CMS <1.3 - SQL Injection
CVSS 9.8
CVE-2020-23980 CRITICAL
DesignMasterEvents Conference management 1.0.0 - SQL Injection
CVSS 9.8
CVE-2020-5920 MEDIUM
BIG-IP <15.2 - Blind SQL Injection
CVSS 4.3
CVE-2020-24315 HIGH
WordPress Poll Plugin <36 - SQL Injection
CVSS 7.5
CVE-2020-6637 CRITICAL
openSIS Community Edition 7.3 - SQL Injection via USERNAME Parameter
CVSS 9.8
CVE-2020-14349 HIGH
PostgreSQL 10.0-10.13 - Authenticated SQL Injection via Logical Replication Search Path
CVSS 7.1
CVE-2020-23935 CRITICAL
Kabir Alhasan Student Management System 1.0 - Auth Bypass
CVSS 9.8
CVE-2020-23936 CRITICAL
PHPGurukul Vehicle Parking Management System 1.0 - Auth Bypass
CVSS 9.8
CVE-2020-24208 CRITICAL
SourceCodester Online Shopping Alphaware 1.0 - SQL Injection
CVSS 9.8
CVE-2020-8211 CRITICAL
Citrix XenMobile <10.12 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,843
Exploit Likelihood High