CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,824 vulnerabilities with CWE-89
CVE-2021-25076
HIGH
WP User Frontend <3.5.26 - SQL Injection
CVSS 8.8
CVE-2021-25045
HIGH
Asgaros Forum <1.15.15 - SQL Injection
CVSS 7.2
CVE-2021-24865
HIGH
Advanced Custom Fields: Extended <0.8.8.7 - SQL Injection
CVSS 7.2
CVE-2021-24858
HIGH
Cookie Notification Plugin <1.0.9 - SQL Injection
CVSS 7.2
CVE-2021-46024
CRITICAL
Projectworlds online-shopping-webvsite-in-php 1.0 - SQL Injection
CVSS 9.8
CVE-2021-40595
CRITICAL
Sourcecodester Online Leave Management System v1 - SQL Injection
CVSS 9.8
CVE-2021-44593
HIGH
Simple College Website 1.0 - Unauthenticated Remote Code Execution via UNION-based SQL Injection in Username Parameter
CVSS 8.1
CVE-2021-40247
CRITICAL
Sourcecodester Budget and Expense Tracker System <v1 - SQL Injection
CVSS 9.8
CVE-2021-46309
CRITICAL
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2021-46308
CRITICAL
Sourcecodester Online Railway Reservation Sysytem 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46307
CRITICAL
Projectworlds Online Examination System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46201
CRITICAL
Sourcecodester Online Resort Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46200
CRITICAL
Sourcecodester Simple Music Clour Community System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46198
CRITICAL
Sourceodester Courier Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-46061
CRITICAL
Sourcecodester RSMS 1.0 - SQL Injection
CVSS 9.8
CVE-2021-44245
CRITICAL
COVID 19 Testing Management System 1.0 - SQL Injection via Username or Contactno Parameter
CVSS 9.8
CVE-2021-44244
CRITICAL
Sourcecodester Logistic Hub Parcel's Management System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2021-44092
CRITICAL
code-projects Pharmacy Management 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2021-44090
CRITICAL
Sourcecodester Online Reviewer System 1.0 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2021-46204
CRITICAL
taocms - SQL Injection via Article.php
CVSS 9.8
CVE-2021-38694
HIGH
SoftVibe SARABAN for INFOMA 1.1 - SQL Injection
CVSS 7.5
CVE-2021-25037
MEDIUM
All in One SEO WordPress <4.1.5.3 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-45406
HIGH
SalonERP 3.0.1 - SQL Injection via Report Generation SQL Parameter
CVSS 8.8
CVE-2021-43971
HIGH
SysAid ITIL <20.4.74 b10 - SQL Injection
CVSS 8.8
CVE-2021-37197
HIGH
Siemens COMOS < 10.2, 10.3 < 10.3.3.3, 10.4 < 10.4.1 - SQL Injection in Web Component
CVSS 8.8
Details
Vulnerabilities
19,824
Exploit Likelihood
High