CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-25054 HIGH
WPcalc < 2.1 - Authenticated SQL Injection via 'did' Parameter
CVSS 8.8
CVE-2021-24949 CRITICAL
The Plus Addons for Elementor <5.0.7 - SQL Injection
CVSS 9.8
CVE-2021-24862 HIGH
Wordpress RegistrationMagic task_ids Authenticated SQLi
CVSS 7.2
CVE-2021-45334 CRITICAL
Sourcecodester Online Thesis Archiving System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-39978 HIGH
HarmonyOS < 2.0 - SQL Injection in Telephony Application
CVSS 7.5
CVE-2021-25030 HIGH
Events Made Easy WordPress <2.2.36 - SQL Injection
CVSS 8.8
CVE-2021-25023 HIGH
WordPress Plugin <4.3.3.1 - SQL Injection
CVSS 7.2
CVE-2021-24786 HIGH
WordPress Download Monitor <4.4.5 - SQL Injection
CVSS 7.2
CVE-2021-36722 HIGH
Emuse eServices/eNvoice - SQL Injection
CVSS 7.1
CVE-2021-44161 HIGH
Changing MOTP >=3.5 - Unauthenticated SQL Injection via Specific Function Parameter
CVSS 8.8
CVE-2021-45814 CRITICAL
Nettmp NNT 5.1 - SQL Injection
CVSS 9.8
CVE-2021-24753 HIGH
Rich Reviews by Starfish <1.9.6 - SQL Injection
CVSS 7.2
CVE-2021-44600 HIGH
Simple Online Men's Salon Management System 1.0 - SQL Injection via Password Parameter
CVSS 7.5
CVE-2021-44599 HIGH
Online Enrollment Management System 1.0 - SQL Injection via ID Parameter
CVSS 7.5
CVE-2021-21937 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via host_alt_filter Parameter
CVSS 6.5
CVE-2021-21936 HIGH
Advantech R-SeeNet - Authenticated SQL Injection via health_alt_filter Parameter
CVSS 8.8
CVE-2021-21935 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via host_alt_filter2 Parameter
CVSS 6.5
CVE-2021-21934 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via imei_filter Parameter
CVSS 6.5
CVE-2021-21933 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via esn_filter Parameter
CVSS 6.5
CVE-2021-21932 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via name_filter Parameter
CVSS 6.5
CVE-2021-21931 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via stat_filter Parameter
CVSS 6.5
CVE-2021-21930 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via sn_filter Parameter
CVSS 6.5
CVE-2021-21929 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via prod_filter Parameter
CVSS 6.5
CVE-2021-21928 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via mac_filter Parameter
CVSS 6.5
CVE-2021-21927 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via loc_filter Parameter
CVSS 6.5
Details
Vulnerabilities 19,824
Exploit Likelihood High