CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,824 vulnerabilities with CWE-89
CVE-2021-24750
HIGH
WP Visitor Statistics <4.8 - SQL Injection
CVSS 8.8
CVE-2021-3860
HIGH
JFrog Artifactory <7.25.4 - SQL Injection
CVSS 8.8
CVE-2021-35234
HIGH
SolarWinds Orion Platform < 2020.2.5 - Authenticated SQL Injection
CVSS 8.0
CVE-2021-45041
HIGH
SuiteCRM < 7.12.2 and 8.x < 8.0.1 - Authenticated SQL Injection via Project Module Tooltips
CVSS 8.8
CVE-2021-40850
CRITICAL
TCMAN GIM - SQL Injection via WebService.asmx Methods
CVSS 10.0
CVE-2021-41843
MEDIUM
OpenEMR 6.0.0 - Authenticated SQL Injection via Calendar Search Provider ID Parameter
CVSS 6.5
CVE-2021-41262
HIGH
Galette < 0.9.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2021-44350
CRITICAL
ThinkPHP 5.0.x-5.1.22 - SQL Injection via parseOrder Function
CVSS 9.8
CVE-2021-43806
HIGH
Tuleap < 13.2.99.155 and 13.1-1-13.1-6 - Authenticated SQL Injection in CVS Repository Commit Search
CVSS 8.8
CVE-2021-44655
CRITICAL
Online Pre-owned/Used Car Showroom Management System 1.0 - SQL Injection Authentication Bypass via Login Form
CVSS 9.8
CVE-2021-44653
CRITICAL
Online Magazine Management System 1.0 - SQL Injection Authentication Bypass via Login Form
CVSS 9.8
CVE-2021-42313
CRITICAL
Microsoft Defender for IoT < 10.5.2 - Remote Code Execution
CVSS 10.0
CVE-2021-42311
CRITICAL
Microsoft Defender for IoT < 10.5.2 - Remote Code Execution
CVSS 10.0
CVE-2021-41365
HIGH
Microsoft Defender for IoT < 10.5.2 - Remote Code Execution
CVSS 8.8
CVE-2021-42945
CRITICAL
ZZCMS 2021 - SQL Injection via askbigclassid Parameter
CVSS 9.8
CVE-2021-43830
HIGH
OpenProject >=12.0.0 - SQL Injection
CVSS 7.4
CVE-2021-42064
CRITICAL
SAP Commerce 1905, 2005, 2011, 2105 - SQL Injection via Flexible Search Java API Parameterized 'in' Clause
CVSS 9.8
CVE-2021-45014
CRITICAL
taocms 3.0.2 - SQL Injection via Background Update Parameter
CVSS 9.8
CVE-2021-43822
HIGH
Jackalope Doctrine-DBAL - SQL Injection
CVSS 8.5
CVE-2021-44966
CRITICAL
PHPGURUKUL Employee Record Management System 1.2 - SQL Injection Bypass Authentication via index.php
CVSS 9.8
CVE-2021-24951
CRITICAL
LearnPress < 4.1.4 - SQL Injection via Unsanitized ID Parameter
CVSS 9.8
CVE-2021-24946
CRITICAL
WordPress Modern Events Calendar SQLi Scanner
CVSS 9.8
CVE-2021-24863
CRITICAL
StopBadBots WordPress Plugin < 6.67 - SQL Injection via User Agent Parameter
CVSS 9.8
CVE-2021-24861
HIGH
Quotes Collection WP <2.5.2 - SQL Injection
CVSS 7.2
CVE-2021-24848
HIGH
Mediamatic WordPress <2.8.1 - SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,824
Exploit Likelihood
High