CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-25076 HIGH
WP User Frontend <3.5.26 - SQL Injection
CVSS 8.8
CVE-2021-25045 HIGH
Asgaros Forum <1.15.15 - SQL Injection
CVSS 7.2
CVE-2021-24865 HIGH
Advanced Custom Fields: Extended <0.8.8.7 - SQL Injection
CVSS 7.2
CVE-2021-24858 HIGH
Cookie Notification Plugin <1.0.9 - SQL Injection
CVSS 7.2
CVE-2021-46024 CRITICAL
Projectworlds online-shopping-webvsite-in-php 1.0 - SQL Injection
CVSS 9.8
CVE-2021-40595 CRITICAL
Sourcecodester Online Leave Management System v1 - SQL Injection
CVSS 9.8
CVE-2021-44593 HIGH
Simple College Website 1.0 - Unauthenticated Remote Code Execution via UNION-based SQL Injection in Username Parameter
CVSS 8.1
CVE-2021-40247 CRITICAL
Sourcecodester Budget and Expense Tracker System <v1 - SQL Injection
CVSS 9.8
CVE-2021-46309 CRITICAL
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2021-46308 CRITICAL
Sourcecodester Online Railway Reservation Sysytem 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46307 CRITICAL
Projectworlds Online Examination System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46201 CRITICAL
Sourcecodester Online Resort Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46200 CRITICAL
Sourcecodester Simple Music Clour Community System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46198 CRITICAL
Sourceodester Courier Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46061 CRITICAL
Sourcecodester RSMS 1.0 - SQL Injection
CVSS 9.8
CVE-2021-44245 CRITICAL
COVID 19 Testing Management System 1.0 - SQL Injection via Username or Contactno Parameter
CVSS 9.8
CVE-2021-44244 CRITICAL
Sourcecodester Logistic Hub Parcel's Management System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2021-44092 CRITICAL
code-projects Pharmacy Management 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2021-44090 CRITICAL
Sourcecodester Online Reviewer System 1.0 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2021-46204 CRITICAL
taocms - SQL Injection via Article.php
CVSS 9.8
CVE-2021-38694 HIGH
SoftVibe SARABAN for INFOMA 1.1 - SQL Injection
CVSS 7.5
CVE-2021-25037 MEDIUM
All in One SEO WordPress <4.1.5.3 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-45406 HIGH
SalonERP 3.0.1 - SQL Injection via Report Generation SQL Parameter
CVSS 8.8
CVE-2021-43971 HIGH
SysAid ITIL <20.4.74 b10 - SQL Injection
CVSS 8.8
CVE-2021-37197 HIGH
Siemens COMOS < 10.2, 10.3 < 10.3.3.3, 10.4 < 10.4.1 - SQL Injection in Web Component
CVSS 8.8
Details
Vulnerabilities 19,824
Exploit Likelihood High