CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,823 vulnerabilities with CWE-89
CVE-2021-43735
CRITICAL
CmsWing 1.3.7 - SQL Injection via Behavior Rule Parameter
CVSS 9.8
CVE-2021-43650
CRITICAL
WebRun 3.6.0.42 - SQL Injection via P_0 Parameter
CVSS 9.8
CVE-2021-44345
HIGH
One Card Integrated Management System 3.0 - SQL Injection
CVSS 7.5
CVE-2021-44088
CRITICAL
Sourcecodester Attendance and Payroll System 1.0 - SQL Injection via Login Parameters
CVSS 9.8
CVE-2021-45794
HIGH
Slims9 Bulian 9.4.2 - SQL Injection
CVSS 7.5
CVE-2021-45793
HIGH
Slims9 Bulian 9.4.2 - SQL Injection
CVSS 7.5
CVE-2021-45791
HIGH
Slims8 Akasia 8.3.1 - SQL Injection
CVSS 8.8
CVE-2021-45821
HIGH
Xbtit 3.1 - Authenticated Blind SQL Injection via sid Parameter
CVSS 8.8
CVE-2021-25007
CRITICAL
MOLIE WordPress <0.5 - SQL Injection
CVSS 9.8
CVE-2021-24959
HIGH
WP Email Users <1.7.6 - SQL Injection
CVSS 8.8
CVE-2021-32474
HIGH
moodle <3.5.18 and 3.10-3.10.3 - SQL Injection via XML-RPC MNet Call
CVSS 7.2
CVE-2021-43969
MEDIUM
Quicklert for Digium 10.0.0 - SQL Injection
CVSS 6.5
CVE-2021-24952
HIGH
Conversios.io WordPress <4.6.2 - SQL Injection
CVSS 8.8
CVE-2021-24778
HIGH
WordPress plugin <4.6.60 - SQL Injection
CVSS 7.2
CVE-2021-24777
HIGH
Hotscot Contact Form <1.3 - SQL Injection
CVSS 7.2
CVE-2021-23214
HIGH
PostgreSQL Certificate Authentication - SQL Injection via MITM
CVSS 8.1
CVE-2021-40636
HIGH
OS4ED openSIS 8.0 - SQL Injection in CheckDuplicateName.php
CVSS 7.5
CVE-2021-40635
HIGH
OS4ED openSIS 8.0 - SQL Injection in ChooseCpSearch.php and ChooseRequestSearch.php
CVSS 7.5
CVE-2021-43077
HIGH
Fortinet FortiWLM <8.6.2 - SQL Injection
CVSS 8.8
CVE-2021-24864
HIGH
WP Cloudy < 4.4.9 - Authenticated SQL Injection via post_id Parameter
CVSS 8.8
CVE-2021-24704
HIGH
Orange Form WordPress <1.0 - SQL Injection
CVSS 8.8
CVE-2021-44610
CRITICAL
bloofoxcms 0.5.1-0.5.2.1 - SQL Injection via Multiple Parameters in Admin Settings
CVSS 9.8
CVE-2021-44567
CRITICAL
RosarioSIS < 7.6.1 - Unauthenticated SQL Injection via PortalPollsNotes Votes Parameter
CVSS 9.8
CVE-2021-4208
HIGH
ExportFeed WP <2.0.1.0 - SQL Injection
CVSS 7.2
CVE-2021-25069
HIGH
WordPress Plugin <3.2.34 - SQL Injection/XSS
CVSS 8.8
Details
Vulnerabilities
19,823
Exploit Likelihood
High