CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,844 vulnerabilities with CWE-89
CVE-2020-8211
CRITICAL
Citrix XenMobile <10.12 - SQL Injection
CVSS 9.8
CVE-2020-12606
CRITICAL
DB Soft SGLAC <20.05.001 - SQL Injection
CVSS 9.8
CVE-2020-15947
HIGH
Loway QueueMetrics < 19.10.21 - Authenticated SQL Injection via qm_adm/qm_export_stats_run.do exportId Parameter
CVSS 8.8
CVE-2020-15925
HIGH
Loway QueueMetrics < 19.10.21 - Authenticated SQL Injection via TPF_XPAR1 Parameter
CVSS 8.8
CVE-2020-17463
CRITICAL
KEV
FUEL CMS 1.4.7 - SQL Injection via col Parameter
CVSS 9.8
CVE-2020-17506
CRITICAL
Artica Web Proxy 4.30.00000000 - SQL Injection
CVSS 9.8
CVE-2020-17373
MEDIUM
SugarCRM < 10.1.0 - SQL Injection
CVSS 5.3
CVE-2020-16277
HIGH
SAINT Security Suite 8.0-9.8.20 - Authenticated SQL Injection in Analytics Component
CVSS 8.8
CVE-2020-16276
HIGH
SAINT Security Suite 8.0-9.8.20 - Authenticated SQL Injection in Assets Component
CVSS 8.8
CVE-2020-6145
HIGH
ERPNext 11.1.38 - Authenticated SQL Injection via frappe.desk.reportview.get
CVSS 8.8
CVE-2020-7356
CRITICAL
CAYIN xPost - Unauthenticated SQL Injection via wayfinder_seqid Parameter
CVSS 10.0
CVE-2020-13921
CRITICAL
Apache SkyWalking < 8.1.0 - SQL Injection via Wildcard Query
CVSS 9.8
CVE-2020-4328
MEDIUM
IBM Financial Transaction Manager 3.2.4 - SQL Injection
CVSS 6.3
CVE-2020-3462
MEDIUM
Cisco Data Center Network Manager < 11.4(1) - Authenticated SQL Injection
CVSS 6.3
CVE-2020-16165
CRITICAL
SpringBlade < 2.7.1 - SQL Injection via ORDER BY Clause in Log API
CVSS 9.8
CVE-2020-10983
MEDIUM
Gambio GX < 4.0.1.0 - SQL Injection in admin/mobile.php
CVSS 4.9
CVE-2020-10982
MEDIUM
Gambio GX < 4.0.1.0 - SQL Injection in admin/gv_mail.php
CVSS 4.9
CVE-2020-15628
HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15627
HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15626
HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15625
HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15624
HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15622
HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15621
HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15620
HIGH
Webpanel - SQL Injection
CVSS 7.5
Details
Vulnerabilities
19,844
Exploit Likelihood
High