CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,843 vulnerabilities with CWE-89
CVE-2020-6131
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via course_period_id Parameter
CVSS 8.8
CVE-2020-6130
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via course_period_id Parameter
CVSS 8.8
CVE-2020-6129
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via course_period_id Parameter
CVSS 8.8
CVE-2020-6123
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via Email Parameter
CVSS 8.8
CVE-2020-6122
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php mn Parameter
CVSS 8.8
CVE-2020-6121
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php ln Parameter
CVSS 8.8
CVE-2020-6120
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php fn Parameter
CVSS 8.8
CVE-2020-6119
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php byear Parameter
CVSS 8.8
CVE-2020-6118
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php bmonth Parameter
CVSS 8.8
CVE-2020-6117
HIGH
OS4Ed openSIS 7.3 - Authenticated SQL Injection via CheckDuplicateStudent.php bday Parameter
CVSS 8.8
CVE-2020-20625
HIGH
Sliced Invoices <= 3.8.2 - Authenticated SQL Injection via core/class-sliced.php
CVSS 7.5
CVE-2020-5624
CRITICAL
XooNIps < 3.48 - SQL Injection
CVSS 9.8
CVE-2020-23979
CRITICAL
13enforme CMS 1.0 - SQL Injection via Content.php ID Parameter
CVSS 9.8
CVE-2020-23978
CRITICAL
Soluzione Globale Ecommerce CMS v1 - SQL Injection
CVSS 9.8
CVE-2020-23976
CRITICAL
Webexcels Ecommerce CMS - SQL Injection
CVSS 9.8
CVE-2020-23973
CRITICAL
KandNconcepts Club CMS <1.3 - SQL Injection
CVSS 9.8
CVE-2020-23980
CRITICAL
DesignMasterEvents Conference management 1.0.0 - SQL Injection
CVSS 9.8
CVE-2020-5920
MEDIUM
BIG-IP <15.2 - Blind SQL Injection
CVSS 4.3
CVE-2020-24315
HIGH
WordPress Poll Plugin <36 - SQL Injection
CVSS 7.5
CVE-2020-6637
CRITICAL
openSIS Community Edition 7.3 - SQL Injection via USERNAME Parameter
CVSS 9.8
CVE-2020-14349
HIGH
PostgreSQL 10.0-10.13 - Authenticated SQL Injection via Logical Replication Search Path
CVSS 7.1
CVE-2020-23935
CRITICAL
Kabir Alhasan Student Management System 1.0 - Auth Bypass
CVSS 9.8
CVE-2020-23936
CRITICAL
PHPGurukul Vehicle Parking Management System 1.0 - Auth Bypass
CVSS 9.8
CVE-2020-24208
CRITICAL
SourceCodester Online Shopping Alphaware 1.0 - SQL Injection
CVSS 9.8
CVE-2020-8211
CRITICAL
Citrix XenMobile <10.12 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,843
Exploit Likelihood
High