CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,823 vulnerabilities with CWE-89
CVE-2021-41661 CRITICAL
Church Management System 1.0 - SQL Injection and Remote Code Execution via Avatar Image Upload
CVSS 9.8
CVE-2021-41756 CRITICAL
dynamicmarkt <= 3.10 - SQL Injection via kat Parameter
CVSS 9.8
CVE-2021-41755 CRITICAL
dynamicMarkt <= 3.10 - SQL Injection via kat1 Parameter
CVSS 9.8
CVE-2021-41754 CRITICAL
dynamicMarkt <= 3.10 - SQL Injection via Parent Parameter
CVSS 9.8
CVE-2021-40961 HIGH
CMS Made Simple <=2.2.15 - SQL Injection
CVSS 8.8
CVE-2021-37589 HIGH
Virtua Cobranca < 12r - SQL Injection via Login Page
CVSS 7.5
CVE-2021-41932 HIGH
TeamMate+ Audit 28.0.19.0 - Authenticated Blind SQL Injection via Search Form
CVSS 8.8
CVE-2021-44098 CRITICAL
EGavilan Media Expense-Management-System 1.0 - SQL Injection via expense_action.php
CVSS 9.8
CVE-2021-44097 CRITICAL
Contact-Form-With-Messages-Entry-Management 1.0 - SQL Injection via Addmessage.php
CVSS 9.8
CVE-2021-44096 CRITICAL
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 - SQL Injection via profile_action update_user
CVSS 9.8
CVE-2021-44095 CRITICAL
ProjectWorlds Hospital Management System in php 1.0 - SQL Injection via Login Page
CVSS 9.8
CVE-2021-26634 CRITICAL
maxb maxboard < 1.9.6 - Unrestricted File Upload and SQL Injection
CVSS 9.8
CVE-2021-26633 HIGH
maxb maxboard < 1.9.4 - SQL Injection and Local File Inclusion
CVSS 7.5
CVE-2021-40317 HIGH
Piwigo 11.5.0 - SQL Injection via admin.php id Parameter
CVSS 8.8
CVE-2021-35487 MEDIUM
Nokia Broadcast Message Center <11.1.0 - SQL Injection
CVSS 6.5
CVE-2021-42655 HIGH
SiteServer CMS 6.15.51 - SQL Injection
CVSS 8.8
CVE-2021-37413 CRITICAL
GRANDCOM DynWEB < 4.2 - Unauthenticated SQL Injection via Admin Login Interface
CVSS 9.8
CVE-2021-41965 HIGH
ChurchCRM 2.0.0-4.4.5 - Authenticated SQL Injection via EN_tyid, theID, and EID Fields
CVSS 8.8
CVE-2021-43010 HIGH
Safedog Apache <4.0.30255 - SQL Injection
CVSS 7.5
CVE-2021-43094 CRITICAL
OpenMRS <2.11-2.4.0 - SQL Injection
CVSS 9.8
CVE-2021-42235 CRITICAL
osTicket < 1.14.8 and 1.15.4 - SQL Injection in Login and Password Reset Process
CVSS 9.8
CVE-2021-42185 CRITICAL
wdja v2.1 - SQL Injection via Foreground Search Function
CVSS 9.8
CVE-2021-41942 HIGH
Magic CMS MSVOD v10 - SQL Injection
CVSS 7.5
CVE-2021-24957 HIGH
WordPress Plugin <6.1.6 - SQL Injection
CVSS 8.8
CVE-2021-43481 CRITICAL
webtareas < 2.4 - SQL Injection via $uq POST Parameter
CVSS 9.8
Details
Vulnerabilities 19,823
Exploit Likelihood High