CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,817 vulnerabilities with CWE-89
CVE-2021-47811
CRITICAL
grocery_crud < 2.0.1 - SQL Injection via order_by Parameter
CVSS 9.1
CVE-2021-47801
HIGH
Vianeos OctoPUS 5 - Time-Based Blind SQL Injection via Login User Parameter
CVSS 8.2
CVE-2021-47782
HIGH
Odine Solutions GateKeeper 1.0 - SQL Injection
CVSS 8.2
CVE-2021-47777
HIGH
Build Smart ERP 21.0817 - SQL Injection
CVSS 8.2
CVE-2021-47766
HIGH
Kmaleon 1.1.0.205 - Authenticated SQL Injection via tipocomb Parameter
CVSS 7.1
CVE-2021-47763
HIGH
Aimeos 2021.10 LTS - SQL Injection via JSON API Sort Parameter
CVSS 8.2
CVE-2021-47720
HIGH
Orangescrum 1.8.0 - Authenticated SQL Injection via Multiple Parameters
CVSS 7.1
CVE-2021-47714
MEDIUM
Hasura GraphQL 1.3.3 - Local File Read via SQL Injection in Query Endpoint
CVSS 5.5
CVE-2021-47711
HIGH
Kentico Xperience < 13.0.52 - Authenticated SQL Injection via Online Marketing Macro Method Parameters
CVSS 8.8
CVE-2021-47708
CRITICAL
COMMAX Smart Home System CDP-1020n - SQL Injection
CVE-2021-47704
MEDIUM
OpenBMCS 2.4 - Authenticated SQL Injection via obix_test.php id Parameter
CVSS 6.5
CVE-2021-47693
HIGH
Nagios XI < 5.8.5 - Authenticated SQL Injection via Core Config Manager Search Text
CVSS 8.8
CVE-2021-4458
MEDIUM
Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection via 'id' Parameter
CVSS 5.9
CVE-2021-41691
CRITICAL
OS4Ed OpenSIS Community 8.0 - SQL Injection via Student ID and TRANSFER{SCHOOL} Parameters
CVSS 9.8
CVE-2021-37787
MEDIUM
abo.cms 5.8-5.9.3 - SQL Injection via TinyMCE Module POST Request
CVSS 6.5
CVE-2021-1470
MEDIUM
Cisco Catalyst SD-WAN Manager - Authenticated SQL Injection via Web Interface
CVSS 4.9
CVE-2021-4450
HIGH
Post Grid <= 2.1.12 - Authenticated Blind SQL Injection via Post Metadata
CVSS 8.8
CVE-2021-20451
MEDIUM
IBM Cognos Controller <11.0.0 - SQL Injection
CVSS 6.0
CVE-2021-24869
HIGH
WP Fastest Cache <0.9.5 - SQL Injection
CVSS 8.8
CVE-2021-24151
HIGH
WP Editor < 1.2.7 - Authenticated Blind SQL Injection via Settings Save Request
CVSS 7.2
CVE-2021-35437
CRITICAL
lmxcms 1.4 - SQL Injection via TagsAction.class
CVSS 9.8
CVE-2021-43609
CRITICAL
Spiceworks Help Desk Server <1.3.3 - Blind Boolean SQL Injection
CVSS 9.9
CVE-2021-26837
CRITICAL
Fortra DeliverNow < 1.2.18 - SQL Injection via SearchTextBox Parameter
CVSS 9.8
CVE-2021-45811
MEDIUM
osTicket 1.15-1.15.8 - Authenticated SQL Injection via Search Keywords and Topic ID Parameters
CVSS 6.5
CVE-2021-3262
CRITICAL
TripSpark VEO Transportation <2.2.x - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,817
Exploit Likelihood
High