CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,823 vulnerabilities with CWE-89
CVE-2021-36503
CRITICAL
native-php-cms 1.0 - SQL Injection via cat Parameter
CVSS 9.8
CVE-2021-36484
CRITICAL
jizhicms 1.9.5 - SQL Injection via Add or Edit Article Page
CVSS 9.8
CVE-2021-36434
CRITICAL
jocms 0.8 - SQL Injection via jo_json_check Function
CVSS 9.1
CVE-2021-36433
CRITICAL
jocms 0.8 - SQL Injection via jo_delete_mask Function
CVSS 9.1
CVE-2021-36432
HIGH
jocms 0.8 - SQL Injection via jo_set_mask() Function
CVSS 7.5
CVE-2021-36431
CRITICAL
jocms 0.8 - SQL Injection via jo_json_check() Function
CVSS 9.1
CVE-2021-26644
HIGH
mangboard_wp - SQL Injection via DB Table Name Parameter
CVSS 8.8
CVE-2021-4313
MEDIUM
NethServer phonenehome - SQL Injection
CVSS 5.5
CVE-2021-4308
MEDIUM
WebPA < 3.1.2 - SQL Injection
CVSS 5.5
CVE-2021-4301
MEDIUM
Slackero phpwcms <1.9.26 - SQL Injection
CVSS 6.3
CVE-2021-4298
MEDIUM
Hesburgh Libraries of Notre Dame Sipity <2021.8 - SQL Injection
CVSS 5.5
CVE-2021-4290
MEDIUM
fallstudie - SQL Injection via Login Component Email Parameter
CVSS 5.5
CVE-2021-4276
MEDIUM
dns-stats hedgehog < 2021-05-13 - SQL Injection in DSCIOManager::dsc_import_input_from_source
CVSS 4.1
CVE-2021-4262
MEDIUM
laravel-jqgrid < 2017-10-09 - SQL Injection in EloquentRepositoryAbstract getRows Function
CVSS 5.5
CVE-2021-4261
MEDIUM
pacman-canvas <1.0.6 - SQL Injection
CVSS 6.3
CVE-2021-4246
MEDIUM
roxlukas LMeve < 0.1.61 - SQL Injection via X-Forwarded-For Header
CVSS 6.3
CVE-2021-31650
CRITICAL
Sourcecodester Online Grading System 1.0 - SQL Injection via uname Parameter
CVSS 9.8
CVE-2021-35284
CRITICAL
rizalafani cms-php <1 - SQL Injection
CVSS 9.8
CVE-2021-38819
HIGH
Simple Image Gallery System 1.0 - SQL Injection
CVSS 8.8
CVE-2021-37823
MEDIUM
OpenCart 3.0.3.7 - SQL Injection
CVSS 4.9
CVE-2021-36898
HIGH
Quiz And Survey Master <= 7.3.4 - Authenticated SQL Injection
CVSS 7.5
CVE-2021-38733
CRITICAL
SEMCMS SHOP 1.1 - SQL Injection via Ant_BlogCat.php
CVSS 9.8
CVE-2021-38732
CRITICAL
SEMCMS SHOP 1.1 - SQL Injection via Ant_Message.php
CVSS 9.8
CVE-2021-38731
CRITICAL
SEMCMS SHOP 1.1 - SQL Injection via Ant_Zekou.php
CVSS 9.8
CVE-2021-38730
CRITICAL
SEMCMS SHOP 1.1 - SQL Injection via Ant_Info.php
CVSS 9.8
Details
Vulnerabilities
19,823
Exploit Likelihood
High