CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,844 vulnerabilities with CWE-89
CVE-2020-5726 HIGH
Grandstream UCM6200 <1.0.20.22 - SQL Injection
CVSS 7.5
CVE-2020-5725 MEDIUM
Grandstream UCM6200 <1.0.20.22 - SQL Injection
CVSS 5.9
CVE-2020-5724 HIGH
Grandstream UCM6200 <1.0.20.22 - SQL Injection
CVSS 7.5
CVE-2020-10817 HIGH
Custom Searchable Data Entry System <1.7.1 - SQL Injection
CVSS 8.8
CVE-2020-3936 CRITICAL
UltraLog Express Firmware - SQL Injection via Device Management Interface Parameters
CVSS 10.0
CVE-2020-9521 HIGH
Micro Focus Service Manager Automation 2018.02-2019.08 - SQL Injection
CVSS 8.8
CVE-2020-5722 CRITICAL KEV
Grandstream UCM6200 <1.0.19.20 - SQL Injection
CVSS 9.8
CVE-2020-10803 MEDIUM
phpMyAdmin <4.9.5-5.0.2 - SQL Injection
CVSS 5.4
CVE-2020-10802 HIGH
phpMyAdmin <4.9.5, 5.x <5.0.2 - SQL Injection
CVSS 8.0
CVE-2020-10804 HIGH
phpMyAdmin <4.9.5-5.0.2 - SQL Injection
CVSS 8.0
CVE-2020-10365 MEDIUM
LogicalDoc < 8.3.3 - Authenticated SQL Injection via Document List Filter Parameters
CVSS 6.5
CVE-2020-3922 CRITICAL
LisoMail < 2.0 - Unauthenticated SQL Injection via URL Parameter Manipulation
CVSS 9.8
CVE-2020-10380 CRITICAL
RMySQL < 0.10.19 - SQL Injection
CVSS 9.8
CVE-2020-8786 CRITICAL
SuiteCRM <7.10.23, <7.11.11 - SQL Injection
CVSS 9.8
CVE-2020-8785 CRITICAL
SuiteCRM <7.10.23, <7.11.11 - SQL Injection
CVSS 9.8
CVE-2020-8784 CRITICAL
SuiteCRM <7.10.23, <7.11.11 - SQL Injection
CVSS 9.8
CVE-2020-8783 CRITICAL
SuiteCRM <7.10.23, <7.11.11 - SQL Injection
CVSS 9.8
CVE-2020-10243 CRITICAL
Joomla! < 3.9.16 - SQL Injection in Featured Articles Menu Parameters
CVSS 9.8
CVE-2020-10230 CRITICAL
Webpanel - SQL Injection
CVSS 9.8
CVE-2020-5257 HIGH
Administrate < 0.13.0 - SQL Injection via Direction Parameter
CVSS 7.7
CVE-2020-10563 CRITICAL
DEVOME GRR < 3.4.1c - SQL Injection via frmcontactlist.php
CVSS 9.8
CVE-2020-10218 MEDIUM
Sapplica Sentrifugo 3.2 - Blind SQL Injection via HolidaydatesController addAction Function
CVSS 6.5
CVE-2020-8435 HIGH
RegistrationMagic 4.6.0.0 - SQL Injection
CVSS 8.1
CVE-2020-0060 MEDIUM
Android - SQL Injection in SmsProvider and MmsSmsProvider
CVSS 4.4
CVE-2020-10190 HIGH
MunkiReport < 5.3.0 - Authenticated SQL Injection via Datatables Endpoint
CVSS 8.8
Details
Vulnerabilities 19,844
Exploit Likelihood High