CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,845 vulnerabilities with CWE-89
CVE-2020-8592
CRITICAL
eG Manager 7.1.2 - SQL Injection via Forgot Password User Parameter
CVSS 9.8
CVE-2020-7471
CRITICAL
Django 1.11-1.11.27, 2.2-2.2.9, 3.0-3.0.2 - SQL Injection via StringAgg Delimiter
CVSS 9.8
CVE-2020-3719
HIGH
Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - SQL Injection
CVSS 7.5
CVE-2020-7981
CRITICAL
Geocoder < 1.6.1 - SQL Injection via within_bounding_box Coordinates
CVSS 9.8
CVE-2020-7939
HIGH
Plone 4.0-5.2.1 - SQL Injection in DTML or Connection Objects
CVSS 8.8
CVE-2020-6960
CRITICAL
Honeywell MAXPRO VMS and NVR < 5.6 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2020-7229
CRITICAL
simplejobscript < 1.65 - Unauthenticated SQL Injection via landing_location Parameter
CVSS 9.8
CVE-2020-5504
HIGH
phpMyAdmin <4.9.4-5.0.1 - SQL Injection
CVSS 8.8
CVE-2020-5511
HIGH
PHPGurukul Small CRM v2.0 - Auth Bypass
CVSS 8.8
CVE-2020-5510
CRITICAL
PHPGurukul Hostel Mgt Sys <2.0 - SQL Injection
CVSS 9.8
CVE-2020-5841
CRITICAL
OpServices OpMon <9.3.1-1 - SQL Injection
CVSS 9.8
CVE-2020-5307
CRITICAL
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2020-5515
HIGH
Gila CMS 1.11.8 - SQL Injection via Admin SQL Query Parameter
CVSS 7.2
CVE-2020-5192
HIGH
PHPGurukul Hospital Management System 4.0 - SQL Injection
CVSS 8.8
CVE-2019-25761
HIGH
Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id
CVSS 7.1
CVE-2019-25759
HIGH
Joomla! Component vBizz 1.0.7 SQL Injection
CVSS 7.1
CVE-2019-25757
HIGH
Joomla vWishlist 1.0.1 SQL Injection via vproductid Parameter
CVSS 7.1
CVE-2019-25756
HIGH
Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard
CVSS 8.2
CVE-2019-25755
HIGH
Joomla vReview 1.9.11 SQL Injection via editReview
CVSS 8.2
CVE-2019-25754
HIGH
Joomla vRestaurant 1.9.4 SQL Injection via menu-listing-layout
CVSS 8.2
CVE-2019-25753
HIGH
Joomla! Component VMap 1.9.6 SQL Injection via loadmarker
CVSS 8.2
CVE-2019-25752
HIGH
Joomla! Component J-BusinessDirectory 4.9.7 SQL Injection
CVSS 8.2
CVE-2019-25751
HIGH
Joomla J-ClassifiedsManager 3.0.5 SQL Injection
CVSS 8.2
CVE-2019-25750
HIGH
Joomla J-MultipleHotelReservation 6.0.7 SQL Injection
CVSS 8.2
CVE-2019-25749
HIGH
Joomla J-CruisePortal 6.0.4 SQL Injection via cruises
CVSS 7.1
Details
Vulnerabilities
19,845
Exploit Likelihood
High