CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,845 vulnerabilities with CWE-89
CVE-2020-10190 HIGH
MunkiReport < 5.3.0 - Authenticated SQL Injection via Datatables Endpoint
CVSS 8.8
CVE-2020-10220 CRITICAL
Rconfig 3.x Chained Remote Code Execution
CVSS 9.8
CVE-2020-10184 HIGH
YubiKey One-Time Password Validation Server < 2.40 - Denial of Service via SQL Injection in Verify Endpoint
CVSS 7.5
CVE-2020-9402 HIGH
Django 1.11-1.11.28, 2.2-2.2.10, 3.0-3.0.3 - SQL Injection via GIS Tolerance Parameter
CVSS 8.8
CVE-2020-10106 CRITICAL
PHPGurukul Daily Expense Tracker System 1.0 - SQL Injection via Email Parameter
CVSS 9.8
CVE-2020-9465 CRITICAL
eyesofnetwork 5.1-5.3 < 5.3-3 - Unauthenticated SQL Injection via user_id Cookie
CVSS 9.8
CVE-2020-9398 CRITICAL
ISPConfig < 3.1.15p3 - SQL Injection via Reverse Proxy Panel
CVSS 9.8
CVE-2020-1937 HIGH
Apache Kylin 2.3.0-2.3.1 and 2.6.0-2.6.4 - SQL Injection via RESTful API Input
CVSS 8.8
CVE-2020-9340 HIGH
fauzantrif eLection 2.0 - SQL Injection via admin/ajax/op_kandidat.php id Parameter
CVSS 7.2
CVE-2020-9318 HIGH
Red Gate SQL Monitor 9.0.13-9.2.14 - Authenticated SQL Injection via SNMP Alert Settings
CVSS 7.2
CVE-2020-3154 MEDIUM
Cisco Cloud Web Security - SQL Injection
CVSS 4.9
CVE-2020-9269 HIGH
SOPlanning 1.45 - Authenticated SQL Injection via Users Parameter
CVSS 7.2
CVE-2020-9268 HIGH
SoPlanning 1.45 - SQL Injection via OrderBy Clause
CVSS 7.5
CVE-2020-9265 HIGH
phpMyChat-Plus 1.98 - SQL Injection via Delete User Functionality
CVSS 8.2
CVE-2020-9006 CRITICAL
Popup Builder 2.2.8-2.6.7.6 - SQL Injection via PHP Deserialization in sgImportPopups
CVSS 9.8
CVE-2020-8427 CRITICAL
Unitrends Backup <10.4.1 - Auth Bypass
CVSS 9.8
CVE-2020-8611 HIGH
MOVEit Transfer <2019.1.4-2019.2.1 - SQL Injection
CVSS 8.8
CVE-2020-8804 MEDIUM
SuiteCRM <= 7.11.10 - SQL Injection via SOAP API, EmailUIAjax, or MailMerge
CVSS 6.5
CVE-2020-8802 CRITICAL
SuiteCRM <7.11.11 - Privilege Escalation
CVSS 9.8
CVE-2020-8596 HIGH
Participants Database <1.9.5.5 - SQL Injection
CVSS 7.5
CVE-2020-3934 CRITICAL
TAIWAN SECOM - Pre-auth SQL Injection
CVSS 9.8
CVE-2020-8841 HIGH
TestLink <1.9.19 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-8656 CRITICAL
EyesOfNetwork 5.3 - Unauthenticated SQL Injection via Username Field in getApiKey
CVSS 9.8
CVE-2020-8645 CRITICAL
Simplejobscript.com SJS <1.66 - SQL Injection
CVSS 9.8
CVE-2020-3937 HIGH
SysJust Syuan-Gu-Da-Shih <20191223 - SQL Injection
CVSS 8.1
Details
Vulnerabilities 19,845
Exploit Likelihood High