CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,823 vulnerabilities with CWE-89
CVE-2021-44302
HIGH
BaiCloud-cms v2.5.7 - SQL Injection via tongji and baidu_map Parameters
CVSS 8.8
CVE-2021-46110
CRITICAL
Online Shopping Portal v3.1 - SQL Injection
CVSS 9.8
CVE-2021-44868
CRITICAL
mingsoft mcms v5.1 - SQL Injection via /ms/cms/content/list.do
CVSS 9.8
CVE-2021-3242
CRITICAL
DuxCMS v3.1.3 - SQL Injection via SendTpl Keyword Parameter
CVSS 9.8
CVE-2021-4134
HIGH
Fancy Product Designer <= 4.7.4 - Authenticated SQL Injection via ID Parameter
CVSS 7.2
CVE-2021-25109
LOW
Futurio Extra <1.6.3 - SQL Injection, XSS
CVSS 2.7
CVE-2021-34235
CRITICAL
Tokheim Profleet DiaLOG 11.005.02 - SQL Injection via Field__UserLogin Parameter
CVSS 9.8
CVE-2021-25114
CRITICAL
Paid Memberships Pro <2.6.7 - SQL Injection
CVSS 9.8
CVE-2021-24928
MEDIUM
Rearrange Woocommerce Products <3.0.8 - SQL Injection
CVSS 6.5
CVE-2021-43927
MEDIUM
Synology DSM <7.0.1-42218-2 - SQL Injection
CVSS 4.7
CVE-2021-43926
MEDIUM
Synology DSM <7.0.1-42218-2 - SQL Injection
CVSS 4.7
CVE-2021-43925
MEDIUM
Synology DSM <7.0.1-42218-2 - SQL Injection
CVSS 4.7
CVE-2021-44779
HIGH
[GWA] AutoResponder <= 2.3 - Unauthenticated SQL Injection via listid Parameter
CVSS 7.3
CVE-2021-44866
HIGH
Online-Movie-Ticket-Booking-System 1.0 - SQL Injection via about.php id Parameter
CVSS 7.5
CVE-2021-42633
MEDIUM
PrinterLogic Web Stack < 19.1.1.13 SP9 - SQL Injection
CVSS 5.3
CVE-2021-43510
CRITICAL
Sourcecodester Simple Client Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-43509
CRITICAL
Sourcecodester Simple Client Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-24919
HIGH
Wicked Folders WP <2.8.10 - SQL Injection
CVSS 8.8
CVE-2021-24762
CRITICAL
The Perfect Survey WP <1.5.2 - SQL Injection
CVSS 9.8
CVE-2021-46459
HIGH
Victor CMS 1.0 - SQL Injection via admin/users.php user_name Parameter
CVSS 7.5
CVE-2021-46458
HIGH
Victor CMS v1.0 - SQL Injection via post_title Parameter
CVSS 7.5
CVE-2021-46448
CRITICAL
H.H.G Multistore <5.1.0 - SQL Injection
CVSS 9.8
CVE-2021-46446
CRITICAL
H.H.G Multistore <5.1.0 - SQL Injection
CVSS 9.8
CVE-2021-46445
CRITICAL
H.H.G Multistore <5.1.0 - SQL Injection
CVSS 9.8
CVE-2021-46444
CRITICAL
H.H.G Multistore <5.1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,823
Exploit Likelihood
High