CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,823 vulnerabilities with CWE-89
CVE-2021-37291
CRITICAL
KevinLAB 4ST BEMS 1.0.0 - SQL Injection via index.php input_id Parameter
CVSS 9.8
CVE-2021-46436
HIGH
ZZCMS 2021 - SQL Injection via ad_manage.php
CVSS 7.2
CVE-2021-26114
CRITICAL
FortiWAN < 4.5.8 - Unauthenticated SQL Injection via HTTP Requests
CVSS 9.8
CVE-2021-32957
HIGH
MDT AutoSave <6.02.06 - Info Disclosure
CVSS 7.5
CVE-2021-32953
CRITICAL
MDT AutoSave <6.02.06 - SQL Injection
CVSS 9.8
CVE-2021-44135
CRITICAL
pagekit < 1.0.18 - SQL Injection via Comment Listing
CVSS 9.8
CVE-2021-43484
CRITICAL
Simple Client Management System 1.0 - RCE
CVSS 9.8
CVE-2021-36625
HIGH
Dolibarr ERP/CRM <14.0.0 - SQL Injection
CVSS 8.8
CVE-2021-43506
CRITICAL
Sourcecodester Simple Client Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-40645
MEDIUM
JFinalOA - SQL Injection via defkey Parameter in FlowTaskController
CVSS 6.5
CVE-2021-40644
MEDIUM
oasys - SQL Injection in Notice Mapper
CVSS 6.5
CVE-2021-43109
HIGH
PuneethReddyHC online-shopping-system - SQL Injection
CVSS 7.5
CVE-2021-43701
MEDIUM
CSZ CMS 1.2.9 - SQL Injection via fieldS[] and orderby Parameters
CVSS 6.5
CVE-2021-44581
HIGH
Kreado Kreasfero 1.5 - SQL Injection via id Parameter
CVSS 7.5
CVE-2021-25070
CRITICAL
Block Bad Bots WP <6.88 - SQL Injection
CVSS 9.8
CVE-2021-25068
HIGH
Sync WooCommerce Product feed <1.2.4 - SQL Injection
CVSS 7.2
CVE-2021-25064
HIGH
Wow Countdowns WP <3.1.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-44617
CRITICAL
GLPI 9.4.6 - SQL Injection via Ramo Plugin idu Parameter
CVSS 9.8
CVE-2021-26599
CRITICAL
ImpressCMS < 1.4.3 - SQL Injection via findusers.php Groups Parameter
CVSS 9.8
CVE-2021-43091
HIGH
Yeswiki doryphore 20211012 - SQL Injection
CVSS 7.5
CVE-2021-43084
CRITICAL
Dreamer CMS 4.0.0 - SQL Injection via tableName Parameter
CVSS 9.8
CVE-2021-43700
CRITICAL
ApiManager 1.1 - SQL Injection via /index.php act Parameter
CVSS 9.8
CVE-2021-27472
CRITICAL
Rockwell Automation FactoryTalk AssetCentre <10.00 - SQL Injection
CVSS 10.0
CVE-2021-27468
CRITICAL
Rockwell Automation FactoryTalk AssetCentre <10.00 - SQL Injection
CVSS 10.0
CVE-2021-27464
CRITICAL
Rockwell Automation FactoryTalk AssetCentre <10.00 - SQL Injection
CVSS 10.0
Details
Vulnerabilities
19,823
Exploit Likelihood
High