CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,844 vulnerabilities with CWE-89
CVE-2020-7493
HIGH
EcoStruxure Operator Terminal Expert <= 3.1 Service Pack 1 - SQL Injection via Project File
CVSS 7.8
CVE-2020-14159
HIGH
ConnectWise Automate API < 2019.12.337 - Authenticated SQL Injection via /LabTech/agent.aspx
CVSS 8.8
CVE-2020-14054
CRITICAL
SOKKIA GNR5 Vanguard Firmware 1.2 - SQL Injection via Login Page User Name or Password Field
CVSS 9.8
CVE-2020-13996
HIGH
J2Store < 3.3.13 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-10549
CRITICAL
rconfig < 3.9.4 - Unauthenticated SQL Injection via snippets.inc.php
CVSS 9.8
CVE-2020-10548
CRITICAL
rconfig < 3.9.4 - Unauthenticated SQL Injection via devices.inc.php
CVSS 9.8
CVE-2020-10547
CRITICAL
rconfig < 3.9.4 - Unauthenticated SQL Injection via compliancepolicyelements.inc.php
CVSS 9.8
CVE-2020-10546
CRITICAL
rconfig < 3.9.4 - Unauthenticated SQL Injection via compliancepolicies.inc.php
CVSS 9.8
CVE-2020-3339
MEDIUM
Cisco Prime Infrastructure - SQL Injection
CVSS 5.4
CVE-2020-4035
MEDIUM
WatermelonDB < 0.15.1 - SQL Injection via Malicious Record ID
CVSS 5.9
CVE-2020-8967
CRITICAL
GESIO ERP < 11.2 - SQL Injection
CVSS 10.0
CVE-2020-13433
CRITICAL
Jason2605 AdminPanel 4.0 - SQL Injection
CVSS 9.8
CVE-2020-3184
HIGH
Cisco Prime Collaboration Provisioning Software - SQL Injection
CVSS 7.2
CVE-2020-5579
HIGH
Paid Memberships <2.3.3 - SQL Injection
CVSS 7.2
CVE-2020-12034
HIGH
Rockwell Automation EDS Subsystem <= 28.0.1 - SQL Injection via Crafted EDS Files
CVSS 8.2
CVE-2020-4345
LOW
IBM i 7.2-7.4 - SQL Injection
CVSS 3.3
CVE-2020-13118
CRITICAL
Mikrotik Router Monitoring System <2018-10-22 - SQL Injection
CVSS 9.8
CVE-2020-6253
HIGH
SAP ASE Web Services <16.0 - Privilege Escalation
CVSS 7.2
CVE-2020-6249
HIGH
SAP Master Data Governance < S4CORE 101 - SQL Injection
CVSS 8.8
CVE-2020-6241
HIGH
SAP Adaptive Server Enterprise 16.0 - Privilege Escalation
CVSS 8.8
CVE-2020-12766
CRITICAL
Gnuteca 3.8 - SQL Injection via exemplaryStatusId Parameter
CVSS 9.8
CVE-2020-11530
CRITICAL
idangero chop_slider - Blind SQL Injection via id GET Parameter
CVSS 9.8
CVE-2020-12014
HIGH
Advantech WebAccess < 8.4.4 - SQL Injection
CVSS 7.5
CVE-2020-12720
CRITICAL
vBulletin <5.5.6pl1, <5.6.0pl1, <5.6.1pl1 - Privilege Escalation
CVSS 9.8
CVE-2020-11032
HIGH
GLPI < 9.4.6 - Authenticated SQL Injection
CVSS 7.6
Details
Vulnerabilities
19,844
Exploit Likelihood
High