CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,823 vulnerabilities with CWE-89
CVE-2021-43735 CRITICAL
CmsWing 1.3.7 - SQL Injection via Behavior Rule Parameter
CVSS 9.8
CVE-2021-43650 CRITICAL
WebRun 3.6.0.42 - SQL Injection via P_0 Parameter
CVSS 9.8
CVE-2021-44345 HIGH
One Card Integrated Management System 3.0 - SQL Injection
CVSS 7.5
CVE-2021-44088 CRITICAL
Sourcecodester Attendance and Payroll System 1.0 - SQL Injection via Login Parameters
CVSS 9.8
CVE-2021-45794 HIGH
Slims9 Bulian 9.4.2 - SQL Injection
CVSS 7.5
CVE-2021-45793 HIGH
Slims9 Bulian 9.4.2 - SQL Injection
CVSS 7.5
CVE-2021-45791 HIGH
Slims8 Akasia 8.3.1 - SQL Injection
CVSS 8.8
CVE-2021-45821 HIGH
Xbtit 3.1 - Authenticated Blind SQL Injection via sid Parameter
CVSS 8.8
CVE-2021-25007 CRITICAL
MOLIE WordPress <0.5 - SQL Injection
CVSS 9.8
CVE-2021-24959 HIGH
WP Email Users <1.7.6 - SQL Injection
CVSS 8.8
CVE-2021-32474 HIGH
moodle <3.5.18 and 3.10-3.10.3 - SQL Injection via XML-RPC MNet Call
CVSS 7.2
CVE-2021-43969 MEDIUM
Quicklert for Digium 10.0.0 - SQL Injection
CVSS 6.5
CVE-2021-24952 HIGH
Conversios.io WordPress <4.6.2 - SQL Injection
CVSS 8.8
CVE-2021-24778 HIGH
WordPress plugin <4.6.60 - SQL Injection
CVSS 7.2
CVE-2021-24777 HIGH
Hotscot Contact Form <1.3 - SQL Injection
CVSS 7.2
CVE-2021-23214 HIGH
PostgreSQL Certificate Authentication - SQL Injection via MITM
CVSS 8.1
CVE-2021-40636 HIGH
OS4ED openSIS 8.0 - SQL Injection in CheckDuplicateName.php
CVSS 7.5
CVE-2021-40635 HIGH
OS4ED openSIS 8.0 - SQL Injection in ChooseCpSearch.php and ChooseRequestSearch.php
CVSS 7.5
CVE-2021-43077 HIGH
Fortinet FortiWLM <8.6.2 - SQL Injection
CVSS 8.8
CVE-2021-24864 HIGH
WP Cloudy < 4.4.9 - Authenticated SQL Injection via post_id Parameter
CVSS 8.8
CVE-2021-24704 HIGH
Orange Form WordPress <1.0 - SQL Injection
CVSS 8.8
CVE-2021-44610 CRITICAL
bloofoxcms 0.5.1-0.5.2.1 - SQL Injection via Multiple Parameters in Admin Settings
CVSS 9.8
CVE-2021-44567 CRITICAL
RosarioSIS < 7.6.1 - Unauthenticated SQL Injection via PortalPollsNotes Votes Parameter
CVSS 9.8
CVE-2021-4208 HIGH
ExportFeed WP <2.0.1.0 - SQL Injection
CVSS 7.2
CVE-2021-25069 HIGH
WordPress Plugin <3.2.34 - SQL Injection/XSS
CVSS 8.8
Details
Vulnerabilities 19,823
Exploit Likelihood High