CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,844 vulnerabilities with CWE-89
CVE-2020-8211 CRITICAL
Citrix XenMobile <10.12 - SQL Injection
CVSS 9.8
CVE-2020-12606 CRITICAL
DB Soft SGLAC <20.05.001 - SQL Injection
CVSS 9.8
CVE-2020-15947 HIGH
Loway QueueMetrics < 19.10.21 - Authenticated SQL Injection via qm_adm/qm_export_stats_run.do exportId Parameter
CVSS 8.8
CVE-2020-15925 HIGH
Loway QueueMetrics < 19.10.21 - Authenticated SQL Injection via TPF_XPAR1 Parameter
CVSS 8.8
CVE-2020-17463 CRITICAL KEV
FUEL CMS 1.4.7 - SQL Injection via col Parameter
CVSS 9.8
CVE-2020-17506 CRITICAL
Artica Web Proxy 4.30.00000000 - SQL Injection
CVSS 9.8
CVE-2020-17373 MEDIUM
SugarCRM < 10.1.0 - SQL Injection
CVSS 5.3
CVE-2020-16277 HIGH
SAINT Security Suite 8.0-9.8.20 - Authenticated SQL Injection in Analytics Component
CVSS 8.8
CVE-2020-16276 HIGH
SAINT Security Suite 8.0-9.8.20 - Authenticated SQL Injection in Assets Component
CVSS 8.8
CVE-2020-6145 HIGH
ERPNext 11.1.38 - Authenticated SQL Injection via frappe.desk.reportview.get
CVSS 8.8
CVE-2020-7356 CRITICAL
CAYIN xPost - Unauthenticated SQL Injection via wayfinder_seqid Parameter
CVSS 10.0
CVE-2020-13921 CRITICAL
Apache SkyWalking < 8.1.0 - SQL Injection via Wildcard Query
CVSS 9.8
CVE-2020-4328 MEDIUM
IBM Financial Transaction Manager 3.2.4 - SQL Injection
CVSS 6.3
CVE-2020-3462 MEDIUM
Cisco Data Center Network Manager < 11.4(1) - Authenticated SQL Injection
CVSS 6.3
CVE-2020-16165 CRITICAL
SpringBlade < 2.7.1 - SQL Injection via ORDER BY Clause in Log API
CVSS 9.8
CVE-2020-10983 MEDIUM
Gambio GX < 4.0.1.0 - SQL Injection in admin/mobile.php
CVSS 4.9
CVE-2020-10982 MEDIUM
Gambio GX < 4.0.1.0 - SQL Injection in admin/gv_mail.php
CVSS 4.9
CVE-2020-15628 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15627 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15626 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15625 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15624 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15622 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15621 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15620 HIGH
Webpanel - SQL Injection
CVSS 7.5
Details
Vulnerabilities 19,844
Exploit Likelihood High