CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-24750 HIGH
WP Visitor Statistics <4.8 - SQL Injection
CVSS 8.8
CVE-2021-3860 HIGH
JFrog Artifactory <7.25.4 - SQL Injection
CVSS 8.8
CVE-2021-35234 HIGH
SolarWinds Orion Platform < 2020.2.5 - Authenticated SQL Injection
CVSS 8.0
CVE-2021-45041 HIGH
SuiteCRM < 7.12.2 and 8.x < 8.0.1 - Authenticated SQL Injection via Project Module Tooltips
CVSS 8.8
CVE-2021-40850 CRITICAL
TCMAN GIM - SQL Injection via WebService.asmx Methods
CVSS 10.0
CVE-2021-41843 MEDIUM
OpenEMR 6.0.0 - Authenticated SQL Injection via Calendar Search Provider ID Parameter
CVSS 6.5
CVE-2021-41262 HIGH
Galette < 0.9.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2021-44350 CRITICAL
ThinkPHP 5.0.x-5.1.22 - SQL Injection via parseOrder Function
CVSS 9.8
CVE-2021-43806 HIGH
Tuleap < 13.2.99.155 and 13.1-1-13.1-6 - Authenticated SQL Injection in CVS Repository Commit Search
CVSS 8.8
CVE-2021-44655 CRITICAL
Online Pre-owned/Used Car Showroom Management System 1.0 - SQL Injection Authentication Bypass via Login Form
CVSS 9.8
CVE-2021-44653 CRITICAL
Online Magazine Management System 1.0 - SQL Injection Authentication Bypass via Login Form
CVSS 9.8
CVE-2021-42313 CRITICAL
Microsoft Defender for IoT < 10.5.2 - Remote Code Execution
CVSS 10.0
CVE-2021-42311 CRITICAL
Microsoft Defender for IoT < 10.5.2 - Remote Code Execution
CVSS 10.0
CVE-2021-41365 HIGH
Microsoft Defender for IoT < 10.5.2 - Remote Code Execution
CVSS 8.8
CVE-2021-42945 CRITICAL
ZZCMS 2021 - SQL Injection via askbigclassid Parameter
CVSS 9.8
CVE-2021-43830 HIGH
OpenProject >=12.0.0 - SQL Injection
CVSS 7.4
CVE-2021-42064 CRITICAL
SAP Commerce 1905, 2005, 2011, 2105 - SQL Injection via Flexible Search Java API Parameterized 'in' Clause
CVSS 9.8
CVE-2021-45014 CRITICAL
taocms 3.0.2 - SQL Injection via Background Update Parameter
CVSS 9.8
CVE-2021-43822 HIGH
Jackalope Doctrine-DBAL - SQL Injection
CVSS 8.5
CVE-2021-44966 CRITICAL
PHPGURUKUL Employee Record Management System 1.2 - SQL Injection Bypass Authentication via index.php
CVSS 9.8
CVE-2021-24951 CRITICAL
LearnPress < 4.1.4 - SQL Injection via Unsanitized ID Parameter
CVSS 9.8
CVE-2021-24946 CRITICAL
WordPress Modern Events Calendar SQLi Scanner
CVSS 9.8
CVE-2021-24863 CRITICAL
StopBadBots WordPress Plugin < 6.67 - SQL Injection via User Agent Parameter
CVSS 9.8
CVE-2021-24861 HIGH
Quotes Collection WP <2.5.2 - SQL Injection
CVSS 7.2
CVE-2021-24848 HIGH
Mediamatic WordPress <2.8.1 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,824
Exploit Likelihood High