CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,823 vulnerabilities with CWE-89
CVE-2021-44302 HIGH
BaiCloud-cms v2.5.7 - SQL Injection via tongji and baidu_map Parameters
CVSS 8.8
CVE-2021-46110 CRITICAL
Online Shopping Portal v3.1 - SQL Injection
CVSS 9.8
CVE-2021-44868 CRITICAL
mingsoft mcms v5.1 - SQL Injection via /ms/cms/content/list.do
CVSS 9.8
CVE-2021-3242 CRITICAL
DuxCMS v3.1.3 - SQL Injection via SendTpl Keyword Parameter
CVSS 9.8
CVE-2021-4134 HIGH
Fancy Product Designer <= 4.7.4 - Authenticated SQL Injection via ID Parameter
CVSS 7.2
CVE-2021-25109 LOW
Futurio Extra <1.6.3 - SQL Injection, XSS
CVSS 2.7
CVE-2021-34235 CRITICAL
Tokheim Profleet DiaLOG 11.005.02 - SQL Injection via Field__UserLogin Parameter
CVSS 9.8
CVE-2021-25114 CRITICAL
Paid Memberships Pro <2.6.7 - SQL Injection
CVSS 9.8
CVE-2021-24928 MEDIUM
Rearrange Woocommerce Products <3.0.8 - SQL Injection
CVSS 6.5
CVE-2021-43927 MEDIUM
Synology DSM <7.0.1-42218-2 - SQL Injection
CVSS 4.7
CVE-2021-43926 MEDIUM
Synology DSM <7.0.1-42218-2 - SQL Injection
CVSS 4.7
CVE-2021-43925 MEDIUM
Synology DSM <7.0.1-42218-2 - SQL Injection
CVSS 4.7
CVE-2021-44779 HIGH
[GWA] AutoResponder <= 2.3 - Unauthenticated SQL Injection via listid Parameter
CVSS 7.3
CVE-2021-44866 HIGH
Online-Movie-Ticket-Booking-System 1.0 - SQL Injection via about.php id Parameter
CVSS 7.5
CVE-2021-42633 MEDIUM
PrinterLogic Web Stack < 19.1.1.13 SP9 - SQL Injection
CVSS 5.3
CVE-2021-43510 CRITICAL
Sourcecodester Simple Client Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-43509 CRITICAL
Sourcecodester Simple Client Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-24919 HIGH
Wicked Folders WP <2.8.10 - SQL Injection
CVSS 8.8
CVE-2021-24762 CRITICAL
The Perfect Survey WP <1.5.2 - SQL Injection
CVSS 9.8
CVE-2021-46459 HIGH
Victor CMS 1.0 - SQL Injection via admin/users.php user_name Parameter
CVSS 7.5
CVE-2021-46458 HIGH
Victor CMS v1.0 - SQL Injection via post_title Parameter
CVSS 7.5
CVE-2021-46448 CRITICAL
H.H.G Multistore <5.1.0 - SQL Injection
CVSS 9.8
CVE-2021-46446 CRITICAL
H.H.G Multistore <5.1.0 - SQL Injection
CVSS 9.8
CVE-2021-46445 CRITICAL
H.H.G Multistore <5.1.0 - SQL Injection
CVSS 9.8
CVE-2021-46444 CRITICAL
H.H.G Multistore <5.1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,823
Exploit Likelihood High