CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,823 vulnerabilities with CWE-89
CVE-2021-41609
CRITICAL
SelectSurvey.NET < 5.052.000 - Unauthenticated SQL Injection via UploadedImageDisplay.aspx ID Parameter
CVSS 9.8
CVE-2021-45435
CRITICAL
Simple Cold Storage Management System 1.0 - SQL Injection via Login Username Field
CVSS 9.8
CVE-2021-44249
CRITICAL
Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection via Login Portal
CVSS 9.8
CVE-2021-46427
CRITICAL
Sourcecodester Simple Chatbot App 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46377
CRITICAL
cszcms 1.2.9 - SQL Injection via Member.php viewUser
CVSS 9.8
CVE-2021-46385
HIGH
MCMS <=5.2.5 - SQL Injection via FormDataAction#queryData
CVSS 7.5
CVE-2021-46383
HIGH
MCMS <=5.2.5 - SQL Injection via DictAction#list Parameter
CVSS 7.5
CVE-2021-36348
HIGH
iDRAC9 <5.00.20.00 - Command Injection
CVSS 8.1
CVE-2021-43863
HIGH
Nextcloud Android <3.18.1 - Privilege Escalation
CVSS 7.5
CVE-2021-46089
CRITICAL
JeecgBoot 3.0 - SQL Injection
CVSS 9.8
CVE-2021-45803
HIGH
MartDevelopers iResturant 1.0 - SQL Injection
CVSS 8.8
CVE-2021-45802
CRITICAL
MartDevelopers iResturant 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46451
CRITICAL
Online Time Management System Online Project Time Management System - SQL Injection
CVSS 9.8
CVE-2021-43420
CRITICAL
Sourcecodester Online Payment Hub - SQL Injection
CVSS 9.8
CVE-2021-41928
CRITICAL
Sourcecodester Try My Recipe 1.0 - SQL Injection via rid Parameter
CVSS 9.8
CVE-2021-41660
CRITICAL
Patient Appointment Scheduler System - SQL Injection via Login Username and Password Fields
CVSS 9.8
CVE-2021-41659
CRITICAL
Sourcecodester Banking System v1 - SQL Injection via Username or Password Field
CVSS 9.8
CVE-2021-4088
HIGH
McAfee Data Loss Prevention 11.6.401 11.7.0-11.7.100 11.8.0-11.8.99 - Authenticated SQL Injection
CVSS 8.4
CVE-2021-41472
CRITICAL
Simple Membership System - SQL Injection via Username and Password Parameters
CVSS 9.8
CVE-2021-41471
CRITICAL
South Gate Inn Online Reservation System - SQL Injection via Email and Password Parameters
CVSS 9.8
CVE-2021-40909
CRITICAL
PHP CRUD Ajax/DataTables Tutorial - Stored XSS via First/Last Name & Email
CVSS 9.6
CVE-2021-40908
CRITICAL
Sourcecodester Purchase Order Management System v1 - SQL Injection
CVSS 9.8
CVE-2021-40907
CRITICAL
Storage Unit Rental Management System - SQL Injection via Username Parameter
CVSS 9.8
CVE-2021-40596
CRITICAL
Sourcecodester Online Learning System <v2 - SQL Injection
CVSS 9.8
CVE-2021-25076
HIGH
WP User Frontend <3.5.26 - SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,823
Exploit Likelihood
High