CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,823 vulnerabilities with CWE-89
CVE-2021-41661
CRITICAL
Church Management System 1.0 - SQL Injection and Remote Code Execution via Avatar Image Upload
CVSS 9.8
CVE-2021-41756
CRITICAL
dynamicmarkt <= 3.10 - SQL Injection via kat Parameter
CVSS 9.8
CVE-2021-41755
CRITICAL
dynamicMarkt <= 3.10 - SQL Injection via kat1 Parameter
CVSS 9.8
CVE-2021-41754
CRITICAL
dynamicMarkt <= 3.10 - SQL Injection via Parent Parameter
CVSS 9.8
CVE-2021-40961
HIGH
CMS Made Simple <=2.2.15 - SQL Injection
CVSS 8.8
CVE-2021-37589
HIGH
Virtua Cobranca < 12r - SQL Injection via Login Page
CVSS 7.5
CVE-2021-41932
HIGH
TeamMate+ Audit 28.0.19.0 - Authenticated Blind SQL Injection via Search Form
CVSS 8.8
CVE-2021-44098
CRITICAL
EGavilan Media Expense-Management-System 1.0 - SQL Injection via expense_action.php
CVSS 9.8
CVE-2021-44097
CRITICAL
Contact-Form-With-Messages-Entry-Management 1.0 - SQL Injection via Addmessage.php
CVSS 9.8
CVE-2021-44096
CRITICAL
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 - SQL Injection via profile_action update_user
CVSS 9.8
CVE-2021-44095
CRITICAL
ProjectWorlds Hospital Management System in php 1.0 - SQL Injection via Login Page
CVSS 9.8
CVE-2021-26634
CRITICAL
maxb maxboard < 1.9.6 - Unrestricted File Upload and SQL Injection
CVSS 9.8
CVE-2021-26633
HIGH
maxb maxboard < 1.9.4 - SQL Injection and Local File Inclusion
CVSS 7.5
CVE-2021-40317
HIGH
Piwigo 11.5.0 - SQL Injection via admin.php id Parameter
CVSS 8.8
CVE-2021-35487
MEDIUM
Nokia Broadcast Message Center <11.1.0 - SQL Injection
CVSS 6.5
CVE-2021-42655
HIGH
SiteServer CMS 6.15.51 - SQL Injection
CVSS 8.8
CVE-2021-37413
CRITICAL
GRANDCOM DynWEB < 4.2 - Unauthenticated SQL Injection via Admin Login Interface
CVSS 9.8
CVE-2021-41965
HIGH
ChurchCRM 2.0.0-4.4.5 - Authenticated SQL Injection via EN_tyid, theID, and EID Fields
CVSS 8.8
CVE-2021-43010
HIGH
Safedog Apache <4.0.30255 - SQL Injection
CVSS 7.5
CVE-2021-43094
CRITICAL
OpenMRS <2.11-2.4.0 - SQL Injection
CVSS 9.8
CVE-2021-42235
CRITICAL
osTicket < 1.14.8 and 1.15.4 - SQL Injection in Login and Password Reset Process
CVSS 9.8
CVE-2021-42185
CRITICAL
wdja v2.1 - SQL Injection via Foreground Search Function
CVSS 9.8
CVE-2021-41942
HIGH
Magic CMS MSVOD v10 - SQL Injection
CVSS 7.5
CVE-2021-24957
HIGH
WordPress Plugin <6.1.6 - SQL Injection
CVSS 8.8
CVE-2021-43481
CRITICAL
webtareas < 2.4 - SQL Injection via $uq POST Parameter
CVSS 9.8
Details
Vulnerabilities
19,823
Exploit Likelihood
High