CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,844 vulnerabilities with CWE-89
CVE-2020-15619 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15618 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15617 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15616 HIGH
Webpanel - SQL Injection
CVSS 7.5
CVE-2020-15714 HIGH
rConfig 3.9.5 - Authenticated SQL Injection via devices.crud.php custom_Location Parameter
CVSS 8.8
CVE-2020-15713 HIGH
rConfig 3.9.5 - Authenticated SQL Injection via devices.php sortBy Parameter
CVSS 8.8
CVE-2020-15924 HIGH
Mida eFramework < 2.9.0 - Unauthenticated SQL Injection via Authentication Parameter
CVSS 7.5
CVE-2020-15887 HIGH
Softwareupdate < 1.6 - SQL Injection
CVSS 8.8
CVE-2020-15886 HIGH
reportdata < 3.5 - SQL Injection via req Parameter
CVSS 8.8
CVE-2020-15884 HIGH
MunkiReport < 5.6.3 - SQL Injection via Datatables Order By POST Parameter
CVSS 8.8
CVE-2020-15873 MEDIUM
LibreNMS < 1.65.1 - Authenticated SQL Injection via device_id POST Parameter
CVSS 6.5
CVE-2020-15052 HIGH
Artica Proxy CE <4.28.030.418 - SQL Injection
CVSS 7.5
CVE-2020-5768 MEDIUM
Icegram Email Subscribers & Newsletters Plugin for WordPress <4.4.8...
CVSS 4.9
CVE-2020-15108 HIGH
glpi < 9.5.1 - SQL Injection via Clone Feature
CVSS 7.1
CVE-2020-12013 CRITICAL
Mitsubishi Electric MC Works32 and MC Works64 < 10.95.208.31 - Remote Code Execution via WCF Client
CVSS 9.1
CVE-2020-3468 MEDIUM
Cisco SD-WAN vManage Software - SQL Injection
CVSS 5.4
CVE-2020-3450 MEDIUM
Cisco Vision Dynamic Signage Director - SQL Injection
CVSS 4.9
CVE-2020-3378 MEDIUM
Cisco SD-WAN vManage Software - SQL Injection
CVSS 4.3
CVE-2020-14982 MEDIUM
Kronos WebTA 3.8.x-<4.0 - Authenticated Blind SQL Injection via SortBy Parameter
CVSS 6.5
CVE-2020-11437 MEDIUM
LibreHealth EMR 2.0.0 - Authenticated SQL Injection
CVSS 4.3
CVE-2020-14497 CRITICAL
Advantech iView < 5.6 - SQL Injection
CVSS 9.8
CVE-2020-7577 HIGH
Opcenter Execution Core < 8.2 - Authenticated SQL Injection via Vulnerable Application Fields
CVSS 8.1
CVE-2020-13926 CRITICAL
Apache Kylin 2.0.0-3.0.9 - SQL Injection via REST API Configuration Overwrite
CVSS 9.8
CVE-2020-5766 HIGH
SRS Simple Hits Counter Plugin <1.0.4 - SQL Injection
CVSS 7.5
CVE-2020-6114 HIGH
Glacies IceHRM v26.6.0.OS - SQL Injection
CVSS 7.2
Details
Vulnerabilities 19,844
Exploit Likelihood High