CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-21926 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via Health Filter Parameter
CVSS 6.5
CVE-2021-21925 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via firm_filter Parameter
CVSS 6.5
CVE-2021-21924 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via desc_filter Parameter
CVSS 6.5
CVE-2021-21923 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via Company Filter Parameter
CVSS 4.9
CVE-2021-21922 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via Username Filter Parameter
CVSS 6.5
CVE-2021-21921 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via Name Filter Parameter
CVSS 4.9
CVE-2021-21920 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via Surname Filter Parameter
CVSS 4.9
CVE-2021-21919 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via ord Parameter
CVSS 4.9
CVE-2021-21918 MEDIUM
Advantech R-SeeNet - Authenticated SQL Injection via name_filter Parameter
CVSS 4.9
CVE-2021-21917 HIGH
Advantech R-SeeNet 2.4.15 - Authenticated SQL Injection via 'ord' Parameter
CVSS 8.8
CVE-2021-21916 HIGH
Advantech R-SeeNet 2.4.15 - Authenticated SQL Injection via Group List Description Filter
CVSS 8.8
CVE-2021-21915 HIGH
Advantech R-SeeNet 2.4.15 - Authenticated SQL Injection via Group List Page Company Filter Parameter
CVSS 8.8
CVE-2021-43631 CRITICAL
Projectworlds Hospital Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2021-43630 HIGH
Projectworlds Hospital Management System v1.0 - SQL Injection
CVSS 8.8
CVE-2021-43629 CRITICAL
Projectworlds Hospital Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2021-43628 CRITICAL
Projectworlds Hospital Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2021-43157 CRITICAL
Projectsworlds Online Shopping System PHP 1.0 - SQL Injection
CVSS 9.8
CVE-2021-43155 CRITICAL
Projectsworlds Online Book Store PHP <1.0 - SQL Injection
CVSS 9.8
CVE-2021-43851 HIGH
Anuko Time Tracker <1.19.33.5606 - SQL Injection
CVSS 8.1
CVE-2021-44874 HIGH
Dalmark Systems Systeam 2.22.8 build 1724 - Authenticated SQL Injection via BI Report Endpoint
CVSS 8.8
CVE-2021-45255 CRITICAL
Video Sharing Website 1.0 - SQL Injection via Email Parameter
CVSS 9.8
CVE-2021-45253 CRITICAL
Simple Cold Storage Management System 1.0 - SQL Injection via view_storage.php id Parameter
CVSS 9.8
CVE-2021-45252 CRITICAL
Simple Forum-Discussion System 1.0 - SQL Injection in manage_topic.php, manage_user.php, and ajax.php
CVSS 9.8
CVE-2021-24849 CRITICAL
WCFM Marketplace <3.4.12 - SQL Injection
CVSS 9.8
CVE-2021-24846 HIGH
Ni WooCommerce Custom Order Status <1.9.7 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,824
Exploit Likelihood High