CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,844 vulnerabilities with CWE-89
CVE-2020-15504
CRITICAL
Sophos XG Firewall 17.0-18.0 MR1 - Remote Code Execution via SQL Injection
CVSS 9.8
CVE-2020-13993
HIGH
Mods for HESK 3.1.0-2019.1.0 - Unauthenticated Blind Time-Based SQL Injection via Ticket
CVSS 7.5
CVE-2020-15072
HIGH
phplist < 3.5.4 - SQL Injection via Import Administrators Section
CVSS 8.8
CVE-2020-3973
HIGH
VMware VeloCloud Orchestrator 3.1.1-3.3.1 - Authenticated Blind SQL Injection
CVSS 8.8
CVE-2020-8521
CRITICAL
phpzag - SQL Injection via Records.php Parameters
CVSS 9.8
CVE-2020-8520
CRITICAL
phpzag - SQL Injection via Records.php Order and Column Parameters
CVSS 9.8
CVE-2020-8519
CRITICAL
phpzag - SQL Injection via Records.php Search Parameter
CVSS 9.8
CVE-2020-15008
HIGH
Connectwise Automate <2020.7 or 2019.12 - SQL Injection
CVSS 7.5
CVE-2020-15540
CRITICAL
We-com OpenData CMS 2.0 - SQL Injection via Administrator Login Username Field
CVSS 9.8
CVE-2020-15539
CRITICAL
We-com Municipality Portal CMS 2.1.x - SQL Injection via Cerca Keywords Field
CVSS 9.8
CVE-2020-14092
CRITICAL
CodePeople Payment Form for PayPal Pro < 1.1.65 - SQL Injection
CVSS 9.8
CVE-2020-13381
CRITICAL
openSIS <= 7.4 - SQL Injection
CVSS 9.8
CVE-2020-13380
CRITICAL
openSIS < 7.4 - SQL Injection
CVSS 9.8
CVE-2020-15468
CRITICAL
Persian VIP Download Script 1.0 - SQL Injection via cart_edit.php active parameter
CVSS 9.8
CVE-2020-9483
HIGH
Apache SkyWalking 6.0.0-6.6.0 - SQL Injection via GraphQL Metadata Query
CVSS 7.5
CVE-2020-14069
MEDIUM
MK-AUTH 19.01 - SQL Injection via mkt/ Script Parameters
CVSS 6.8
CVE-2020-14068
CRITICAL
MK-AUTH 19.01 - Unauthenticated SQL Injection via central/executar_login.php
CVSS 9.8
CVE-2020-15363
CRITICAL
nexos < 1.7 - SQL Injection via search_order Parameter
CVSS 9.8
CVE-2020-15308
HIGH
Support Incident Tracker <3.67 p2 - SQL Injection
CVSS 7.2
CVE-2020-14972
CRITICAL
Sourcecodester Pisay Online E-Learning System 1.0 - SQL Injection
CVSS 9.8
CVE-2020-14960
HIGH
php-fusion 9.03.50 - SQL Injection via Comments Administration Endpoint ctype Parameter
CVSS 7.2
CVE-2020-14443
HIGH
Dolibarr < 11.0.3 and >=0 < 11.0.5 - Authenticated SQL Injection via id Parameter
CVSS 8.8
CVE-2020-13640
CRITICAL
wpDiscuz < 5.3.5 - SQL Injection via wpdLoadMoreComments Order Parameter
CVSS 9.8
CVE-2020-14295
HIGH
Cacti 1.2.12 - Authenticated SQL Injection via color.php filter Parameter
CVSS 7.2
CVE-2020-7500
CRITICAL
Schneider Electric U.motion Servers and Touch Panels < 1.4.2 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,844
Exploit Likelihood
High