CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,823 vulnerabilities with CWE-89
CVE-2021-38729
CRITICAL
SEMCMS SHOP 1.1 - SQL Injection via Ant_Plist.php
CVSS 9.8
CVE-2021-38217
CRITICAL
SEMCMS 1.2 - SQL Injection via SEMCMS_User.php
CVSS 9.8
CVE-2021-38737
CRITICAL
SEMCMS 1.1 - SQL Injection via Ant_Pro.php
CVSS 9.8
CVE-2021-38736
CRITICAL
SEMCMS Shop 1.1 - SQL Injection via Ant_Global.php
CVSS 9.8
CVE-2021-38734
CRITICAL
SEMCMS SHOP 1.1 - SQL Injection via Ant_Menu.php
CVSS 9.8
CVE-2021-37782
CRITICAL
Employee Record Management System 1.2 - SQL Injection via editempprofile.php
CVSS 9.8
CVE-2021-35387
HIGH
Hospital Management System <4.0 - SQL Injection
CVSS 8.8
CVE-2021-45788
HIGH
Metersphere <1.15.4 - SQL Injection
CVSS 8.8
CVE-2021-41433
CRITICAL
Resumes Management and Job Application Website Application 1.0 - SQL Injection in Login Form
CVSS 9.8
CVE-2021-44835
CRITICAL
Active Intelligent Visualization 5 - SQL Injection via Vdc Header
CVSS 9.8
CVE-2021-43329
CRITICAL
Mumara Classic <2.93 - SQL Injection
CVSS 9.8
CVE-2021-43766
HIGH
Odyssey - SQL Injection via Man-in-the-Middle Attack on Certificate Common Name Authentication
CVSS 8.1
CVE-2021-39085
CRITICAL
IBM Sterling B2B Integrator 6.0.0.0-6.0.3.5, 6.1.0.0-6.1.0.4, 6.1.1.0-6.1.1.1 - SQL Injection
CVSS 9.8
CVE-2021-35283
CRITICAL
atoms183 CMS 1.0 - SQL Injection via Name, Fname, and ID Parameters
CVSS 9.8
CVE-2021-44915
HIGH
Taocms 3.0.2 - SQL Injection via Edit Category Function
CVSS 7.2
CVE-2021-32428
CRITICAL
viaviweb ebook 10 - SQL Injection via author_id Parameter
CVSS 9.8
CVE-2021-41460
HIGH
ECShop 4.1.0 - SQL Injection
CVSS 7.5
CVE-2021-40956
HIGH
laiketui v3.5.0 - SQL Injection via Menu Management Function
CVSS 7.5
CVE-2021-40955
HIGH
laiketui 3.5.0 - SQL Injection in Background Administrator List
CVSS 7.2
CVE-2021-26636
HIGH
MaxBoard < 1.9.6.1 - Stored Cross-Site Scripting and SQL Injection
CVSS 8.8
CVE-2021-41408
CRITICAL
VoIPmonitor WEB GUI up to 24.61 - SQL Injection via api.php user Parameter
CVSS 9.8
CVE-2021-41487
CRITICAL
NOKIA VitalSuite SPM 2020 - SQL Injection via UserName Parameter
CVSS 9.8
CVE-2021-41654
CRITICAL
wuzhicms v4.1.0 - SQL Injection via $keyValue Parameter
CVSS 9.8
CVE-2021-41672
MEDIUM
PEEL Shopping CMS 9.4.0 - Authenticated SQL Injection in utilisateurs.php
CVSS 6.5
CVE-2021-41662
CRITICAL
South Gate Inn Online Reservation System 1.0 - SQL Injection and Remote Code Execution via Malicious File Upload
CVSS 9.8
Details
Vulnerabilities
19,823
Exploit Likelihood
High