CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,845 vulnerabilities with CWE-89
CVE-2020-8592 CRITICAL
eG Manager 7.1.2 - SQL Injection via Forgot Password User Parameter
CVSS 9.8
CVE-2020-7471 CRITICAL
Django 1.11-1.11.27, 2.2-2.2.9, 3.0-3.0.2 - SQL Injection via StringAgg Delimiter
CVSS 9.8
CVE-2020-3719 HIGH
Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - SQL Injection
CVSS 7.5
CVE-2020-7981 CRITICAL
Geocoder < 1.6.1 - SQL Injection via within_bounding_box Coordinates
CVSS 9.8
CVE-2020-7939 HIGH
Plone 4.0-5.2.1 - SQL Injection in DTML or Connection Objects
CVSS 8.8
CVE-2020-6960 CRITICAL
Honeywell MAXPRO VMS and NVR < 5.6 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2020-7229 CRITICAL
simplejobscript < 1.65 - Unauthenticated SQL Injection via landing_location Parameter
CVSS 9.8
CVE-2020-5504 HIGH
phpMyAdmin <4.9.4-5.0.1 - SQL Injection
CVSS 8.8
CVE-2020-5511 HIGH
PHPGurukul Small CRM v2.0 - Auth Bypass
CVSS 8.8
CVE-2020-5510 CRITICAL
PHPGurukul Hostel Mgt Sys <2.0 - SQL Injection
CVSS 9.8
CVE-2020-5841 CRITICAL
OpServices OpMon <9.3.1-1 - SQL Injection
CVSS 9.8
CVE-2020-5307 CRITICAL
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2020-5515 HIGH
Gila CMS 1.11.8 - SQL Injection via Admin SQL Query Parameter
CVSS 7.2
CVE-2020-5192 HIGH
PHPGurukul Hospital Management System 4.0 - SQL Injection
CVSS 8.8
CVE-2019-25761 HIGH
Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id
CVSS 7.1
CVE-2019-25759 HIGH
Joomla! Component vBizz 1.0.7 SQL Injection
CVSS 7.1
CVE-2019-25757 HIGH
Joomla vWishlist 1.0.1 SQL Injection via vproductid Parameter
CVSS 7.1
CVE-2019-25756 HIGH
Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard
CVSS 8.2
CVE-2019-25755 HIGH
Joomla vReview 1.9.11 SQL Injection via editReview
CVSS 8.2
CVE-2019-25754 HIGH
Joomla vRestaurant 1.9.4 SQL Injection via menu-listing-layout
CVSS 8.2
CVE-2019-25753 HIGH
Joomla! Component VMap 1.9.6 SQL Injection via loadmarker
CVSS 8.2
CVE-2019-25752 HIGH
Joomla! Component J-BusinessDirectory 4.9.7 SQL Injection
CVSS 8.2
CVE-2019-25751 HIGH
Joomla J-ClassifiedsManager 3.0.5 SQL Injection
CVSS 8.2
CVE-2019-25750 HIGH
Joomla J-MultipleHotelReservation 6.0.7 SQL Injection
CVSS 8.2
CVE-2019-25749 HIGH
Joomla J-CruisePortal 6.0.4 SQL Injection via cruises
CVSS 7.1
Details
Vulnerabilities 19,845
Exploit Likelihood High