CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,823 vulnerabilities with CWE-89
CVE-2021-41609 CRITICAL
SelectSurvey.NET < 5.052.000 - Unauthenticated SQL Injection via UploadedImageDisplay.aspx ID Parameter
CVSS 9.8
CVE-2021-45435 CRITICAL
Simple Cold Storage Management System 1.0 - SQL Injection via Login Username Field
CVSS 9.8
CVE-2021-44249 CRITICAL
Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection via Login Portal
CVSS 9.8
CVE-2021-46427 CRITICAL
Sourcecodester Simple Chatbot App 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46377 CRITICAL
cszcms 1.2.9 - SQL Injection via Member.php viewUser
CVSS 9.8
CVE-2021-46385 HIGH
MCMS <=5.2.5 - SQL Injection via FormDataAction#queryData
CVSS 7.5
CVE-2021-46383 HIGH
MCMS <=5.2.5 - SQL Injection via DictAction#list Parameter
CVSS 7.5
CVE-2021-36348 HIGH
iDRAC9 <5.00.20.00 - Command Injection
CVSS 8.1
CVE-2021-43863 HIGH
Nextcloud Android <3.18.1 - Privilege Escalation
CVSS 7.5
CVE-2021-46089 CRITICAL
JeecgBoot 3.0 - SQL Injection
CVSS 9.8
CVE-2021-45803 HIGH
MartDevelopers iResturant 1.0 - SQL Injection
CVSS 8.8
CVE-2021-45802 CRITICAL
MartDevelopers iResturant 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46451 CRITICAL
Online Time Management System Online Project Time Management System - SQL Injection
CVSS 9.8
CVE-2021-43420 CRITICAL
Sourcecodester Online Payment Hub - SQL Injection
CVSS 9.8
CVE-2021-41928 CRITICAL
Sourcecodester Try My Recipe 1.0 - SQL Injection via rid Parameter
CVSS 9.8
CVE-2021-41660 CRITICAL
Patient Appointment Scheduler System - SQL Injection via Login Username and Password Fields
CVSS 9.8
CVE-2021-41659 CRITICAL
Sourcecodester Banking System v1 - SQL Injection via Username or Password Field
CVSS 9.8
CVE-2021-4088 HIGH
McAfee Data Loss Prevention 11.6.401 11.7.0-11.7.100 11.8.0-11.8.99 - Authenticated SQL Injection
CVSS 8.4
CVE-2021-41472 CRITICAL
Simple Membership System - SQL Injection via Username and Password Parameters
CVSS 9.8
CVE-2021-41471 CRITICAL
South Gate Inn Online Reservation System - SQL Injection via Email and Password Parameters
CVSS 9.8
CVE-2021-40909 CRITICAL
PHP CRUD Ajax/DataTables Tutorial - Stored XSS via First/Last Name & Email
CVSS 9.6
CVE-2021-40908 CRITICAL
Sourcecodester Purchase Order Management System v1 - SQL Injection
CVSS 9.8
CVE-2021-40907 CRITICAL
Storage Unit Rental Management System - SQL Injection via Username Parameter
CVSS 9.8
CVE-2021-40596 CRITICAL
Sourcecodester Online Learning System <v2 - SQL Injection
CVSS 9.8
CVE-2021-25076 HIGH
WP User Frontend <3.5.26 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,823
Exploit Likelihood High