CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,823 vulnerabilities with CWE-89
CVE-2021-37291 CRITICAL
KevinLAB 4ST BEMS 1.0.0 - SQL Injection via index.php input_id Parameter
CVSS 9.8
CVE-2021-46436 HIGH
ZZCMS 2021 - SQL Injection via ad_manage.php
CVSS 7.2
CVE-2021-26114 CRITICAL
FortiWAN < 4.5.8 - Unauthenticated SQL Injection via HTTP Requests
CVSS 9.8
CVE-2021-32957 HIGH
MDT AutoSave <6.02.06 - Info Disclosure
CVSS 7.5
CVE-2021-32953 CRITICAL
MDT AutoSave <6.02.06 - SQL Injection
CVSS 9.8
CVE-2021-44135 CRITICAL
pagekit < 1.0.18 - SQL Injection via Comment Listing
CVSS 9.8
CVE-2021-43484 CRITICAL
Simple Client Management System 1.0 - RCE
CVSS 9.8
CVE-2021-36625 HIGH
Dolibarr ERP/CRM <14.0.0 - SQL Injection
CVSS 8.8
CVE-2021-43506 CRITICAL
Sourcecodester Simple Client Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-40645 MEDIUM
JFinalOA - SQL Injection via defkey Parameter in FlowTaskController
CVSS 6.5
CVE-2021-40644 MEDIUM
oasys - SQL Injection in Notice Mapper
CVSS 6.5
CVE-2021-43109 HIGH
PuneethReddyHC online-shopping-system - SQL Injection
CVSS 7.5
CVE-2021-43701 MEDIUM
CSZ CMS 1.2.9 - SQL Injection via fieldS[] and orderby Parameters
CVSS 6.5
CVE-2021-44581 HIGH
Kreado Kreasfero 1.5 - SQL Injection via id Parameter
CVSS 7.5
CVE-2021-25070 CRITICAL
Block Bad Bots WP <6.88 - SQL Injection
CVSS 9.8
CVE-2021-25068 HIGH
Sync WooCommerce Product feed <1.2.4 - SQL Injection
CVSS 7.2
CVE-2021-25064 HIGH
Wow Countdowns WP <3.1.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-44617 CRITICAL
GLPI 9.4.6 - SQL Injection via Ramo Plugin idu Parameter
CVSS 9.8
CVE-2021-26599 CRITICAL
ImpressCMS < 1.4.3 - SQL Injection via findusers.php Groups Parameter
CVSS 9.8
CVE-2021-43091 HIGH
Yeswiki doryphore 20211012 - SQL Injection
CVSS 7.5
CVE-2021-43084 CRITICAL
Dreamer CMS 4.0.0 - SQL Injection via tableName Parameter
CVSS 9.8
CVE-2021-43700 CRITICAL
ApiManager 1.1 - SQL Injection via /index.php act Parameter
CVSS 9.8
CVE-2021-27472 CRITICAL
Rockwell Automation FactoryTalk AssetCentre <10.00 - SQL Injection
CVSS 10.0
CVE-2021-27468 CRITICAL
Rockwell Automation FactoryTalk AssetCentre <10.00 - SQL Injection
CVSS 10.0
CVE-2021-27464 CRITICAL
Rockwell Automation FactoryTalk AssetCentre <10.00 - SQL Injection
CVSS 10.0
Details
Vulnerabilities 19,823
Exploit Likelihood High