CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,844 vulnerabilities with CWE-89
CVE-2020-12104
HIGH
wp-advanced-search < 3.3.7 - Authenticated SQL Injection via Import Feature
CVSS 8.8
CVE-2020-6010
HIGH
LearnPress <3.2.6.7 - SQL Injection
CVSS 8.8
CVE-2020-11942
CRITICAL
Open-AudIT 3.2.2 - SQL Injection
CVSS 9.8
CVE-2020-12461
HIGH
php-fusion 9.03.50 - SQL Injection via members.php sort_order Parameter
CVSS 8.8
CVE-2020-12442
CRITICAL
Ivanti Avalanche 6.3 - SQL Injection
CVSS 9.8
CVE-2020-12429
CRITICAL
Online Course Registration 2.0 - SQL Injection
CVSS 9.8
CVE-2020-12271
CRITICAL
KEV
Sophos SFOS 17.0, 17.1, 17.5, and 18.0 - SQL Injection
CVSS 9.8
CVE-2020-11004
HIGH
Admidio < 3.3.13 - Unauthenticated SQL Injection via Main Cookie Parameter
CVSS 7.7
CVE-2020-11010
MEDIUM
Tortoise ORM <0.15.23-0.16.6 - SQL Injection
CVSS 6.3
CVE-2020-11886
HIGH
OpenNMS Horizon < 25.2.1 and Meridian 2017-2019 - SQL Injection via NodeListController snmpParm
CVSS 8.1
CVE-2020-11820
CRITICAL
Rukovoditel 2.5.2 - SQL Injection via entities_id Parameter
CVSS 9.8
CVE-2020-11816
CRITICAL
Rukovoditel 2.5.2 - SQL Injection via reports_id POST Parameter
CVSS 9.8
CVE-2020-11812
CRITICAL
Rukovoditel 2.5.2 - SQL Injection via filters[0][value] or filters[1][value] Parameter
CVSS 9.8
CVE-2020-11537
CRITICAL
ONLYOFFICE Document Server 5.5.0 - SQL Injection via Websocket API DocID Parameter
CVSS 9.8
CVE-2020-10512
HIGH
HGiga C&Cmail CCMAILQ and CCMAILN - SQL Injection via URL Parameter
CVSS 8.8
CVE-2020-10505
CRITICAL
School Manage System <2020 - SQL Injection
CVSS 9.8
CVE-2020-10381
MEDIUM
MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 < 2.5.0 - Unauthenticated SQL Injection in DATA24
CVSS 5.3
CVE-2020-10623
MEDIUM
WebAccess/NMS <3.0.2 - SQL Injection
CVSS 6.5
CVE-2020-10617
HIGH
WebAccess/NMS <3.0.2 - SQL Injection
CVSS 7.5
CVE-2020-11597
CRITICAL
CIPPlanner CIPAce < 9.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2020-11545
CRITICAL
Project Worlds Official Car Rental System 1 - SQL Injection via email, uname, pass, and id Parameters
CVSS 9.8
CVE-2020-8638
CRITICAL
TestLink 1.9.20 - SQL Injection via planUrgency.php Urgency Parameter
CVSS 9.8
CVE-2020-8637
CRITICAL
TestLink 1.9.20 - SQL Injection via dragdroptreenodes.php node_id Parameter
CVSS 9.8
CVE-2020-6009
CRITICAL
LearnDash < 3.1.6 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2020-5292
HIGH
Leantime < 2.0.15 - Authenticated SQL Injection via searchUsers Parameter
CVSS 8.7
Details
Vulnerabilities
19,844
Exploit Likelihood
High