CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,823 vulnerabilities with CWE-89
CVE-2021-38729 CRITICAL
SEMCMS SHOP 1.1 - SQL Injection via Ant_Plist.php
CVSS 9.8
CVE-2021-38217 CRITICAL
SEMCMS 1.2 - SQL Injection via SEMCMS_User.php
CVSS 9.8
CVE-2021-38737 CRITICAL
SEMCMS 1.1 - SQL Injection via Ant_Pro.php
CVSS 9.8
CVE-2021-38736 CRITICAL
SEMCMS Shop 1.1 - SQL Injection via Ant_Global.php
CVSS 9.8
CVE-2021-38734 CRITICAL
SEMCMS SHOP 1.1 - SQL Injection via Ant_Menu.php
CVSS 9.8
CVE-2021-37782 CRITICAL
Employee Record Management System 1.2 - SQL Injection via editempprofile.php
CVSS 9.8
CVE-2021-35387 HIGH
Hospital Management System <4.0 - SQL Injection
CVSS 8.8
CVE-2021-45788 HIGH
Metersphere <1.15.4 - SQL Injection
CVSS 8.8
CVE-2021-41433 CRITICAL
Resumes Management and Job Application Website Application 1.0 - SQL Injection in Login Form
CVSS 9.8
CVE-2021-44835 CRITICAL
Active Intelligent Visualization 5 - SQL Injection via Vdc Header
CVSS 9.8
CVE-2021-43329 CRITICAL
Mumara Classic <2.93 - SQL Injection
CVSS 9.8
CVE-2021-43766 HIGH
Odyssey - SQL Injection via Man-in-the-Middle Attack on Certificate Common Name Authentication
CVSS 8.1
CVE-2021-39085 CRITICAL
IBM Sterling B2B Integrator 6.0.0.0-6.0.3.5, 6.1.0.0-6.1.0.4, 6.1.1.0-6.1.1.1 - SQL Injection
CVSS 9.8
CVE-2021-35283 CRITICAL
atoms183 CMS 1.0 - SQL Injection via Name, Fname, and ID Parameters
CVSS 9.8
CVE-2021-44915 HIGH
Taocms 3.0.2 - SQL Injection via Edit Category Function
CVSS 7.2
CVE-2021-32428 CRITICAL
viaviweb ebook 10 - SQL Injection via author_id Parameter
CVSS 9.8
CVE-2021-41460 HIGH
ECShop 4.1.0 - SQL Injection
CVSS 7.5
CVE-2021-40956 HIGH
laiketui v3.5.0 - SQL Injection via Menu Management Function
CVSS 7.5
CVE-2021-40955 HIGH
laiketui 3.5.0 - SQL Injection in Background Administrator List
CVSS 7.2
CVE-2021-26636 HIGH
MaxBoard < 1.9.6.1 - Stored Cross-Site Scripting and SQL Injection
CVSS 8.8
CVE-2021-41408 CRITICAL
VoIPmonitor WEB GUI up to 24.61 - SQL Injection via api.php user Parameter
CVSS 9.8
CVE-2021-41487 CRITICAL
NOKIA VitalSuite SPM 2020 - SQL Injection via UserName Parameter
CVSS 9.8
CVE-2021-41654 CRITICAL
wuzhicms v4.1.0 - SQL Injection via $keyValue Parameter
CVSS 9.8
CVE-2021-41672 MEDIUM
PEEL Shopping CMS 9.4.0 - Authenticated SQL Injection in utilisateurs.php
CVSS 6.5
CVE-2021-41662 CRITICAL
South Gate Inn Online Reservation System 1.0 - SQL Injection and Remote Code Execution via Malicious File Upload
CVSS 9.8
Details
Vulnerabilities 19,823
Exploit Likelihood High