CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,845 vulnerabilities with CWE-89
CVE-2020-10190
HIGH
MunkiReport < 5.3.0 - Authenticated SQL Injection via Datatables Endpoint
CVSS 8.8
CVE-2020-10220
CRITICAL
Rconfig 3.x Chained Remote Code Execution
CVSS 9.8
CVE-2020-10184
HIGH
YubiKey One-Time Password Validation Server < 2.40 - Denial of Service via SQL Injection in Verify Endpoint
CVSS 7.5
CVE-2020-9402
HIGH
Django 1.11-1.11.28, 2.2-2.2.10, 3.0-3.0.3 - SQL Injection via GIS Tolerance Parameter
CVSS 8.8
CVE-2020-10106
CRITICAL
PHPGurukul Daily Expense Tracker System 1.0 - SQL Injection via Email Parameter
CVSS 9.8
CVE-2020-9465
CRITICAL
eyesofnetwork 5.1-5.3 < 5.3-3 - Unauthenticated SQL Injection via user_id Cookie
CVSS 9.8
CVE-2020-9398
CRITICAL
ISPConfig < 3.1.15p3 - SQL Injection via Reverse Proxy Panel
CVSS 9.8
CVE-2020-1937
HIGH
Apache Kylin 2.3.0-2.3.1 and 2.6.0-2.6.4 - SQL Injection via RESTful API Input
CVSS 8.8
CVE-2020-9340
HIGH
fauzantrif eLection 2.0 - SQL Injection via admin/ajax/op_kandidat.php id Parameter
CVSS 7.2
CVE-2020-9318
HIGH
Red Gate SQL Monitor 9.0.13-9.2.14 - Authenticated SQL Injection via SNMP Alert Settings
CVSS 7.2
CVE-2020-3154
MEDIUM
Cisco Cloud Web Security - SQL Injection
CVSS 4.9
CVE-2020-9269
HIGH
SOPlanning 1.45 - Authenticated SQL Injection via Users Parameter
CVSS 7.2
CVE-2020-9268
HIGH
SoPlanning 1.45 - SQL Injection via OrderBy Clause
CVSS 7.5
CVE-2020-9265
HIGH
phpMyChat-Plus 1.98 - SQL Injection via Delete User Functionality
CVSS 8.2
CVE-2020-9006
CRITICAL
Popup Builder 2.2.8-2.6.7.6 - SQL Injection via PHP Deserialization in sgImportPopups
CVSS 9.8
CVE-2020-8427
CRITICAL
Unitrends Backup <10.4.1 - Auth Bypass
CVSS 9.8
CVE-2020-8611
HIGH
MOVEit Transfer <2019.1.4-2019.2.1 - SQL Injection
CVSS 8.8
CVE-2020-8804
MEDIUM
SuiteCRM <= 7.11.10 - SQL Injection via SOAP API, EmailUIAjax, or MailMerge
CVSS 6.5
CVE-2020-8802
CRITICAL
SuiteCRM <7.11.11 - Privilege Escalation
CVSS 9.8
CVE-2020-8596
HIGH
Participants Database <1.9.5.5 - SQL Injection
CVSS 7.5
CVE-2020-3934
CRITICAL
TAIWAN SECOM - Pre-auth SQL Injection
CVSS 9.8
CVE-2020-8841
HIGH
TestLink <1.9.19 - Authenticated SQL Injection
CVSS 8.8
CVE-2020-8656
CRITICAL
EyesOfNetwork 5.3 - Unauthenticated SQL Injection via Username Field in getApiKey
CVSS 9.8
CVE-2020-8645
CRITICAL
Simplejobscript.com SJS <1.66 - SQL Injection
CVSS 9.8
CVE-2020-3937
HIGH
SysJust Syuan-Gu-Da-Shih <20191223 - SQL Injection
CVSS 8.1
Details
Vulnerabilities
19,845
Exploit Likelihood
High