CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-24747 HIGH
SEO Booster <3.8 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-43608 CRITICAL
Doctrine DBAL 3.x <3.1.4 - SQL Injection
CVSS 9.8
CVE-2021-40282 HIGH
zzcms 8.2, 8.3, 2020, 2021 - SQL Injection in dl/dl_download.php
CVSS 8.8
CVE-2021-40281 HIGH
zzcms 8.2, 8.3, 2020, 2021 - SQL Injection via dl/dl_print.php
CVSS 8.8
CVE-2021-41695 CRITICAL
Premiumdatingscript 4.2.7.7 - SQL Injection via IP Parameter
CVSS 9.8
CVE-2021-40280 HIGH
zzcms 8.2, 8.3, 2020, 2021 - SQL Injection via id Parameter in admin/dl_sendmail.php
CVSS 7.2
CVE-2021-40279 HIGH
zzcms 8.2, 8.3, 2020, 2021 - SQL Injection via admin/bad.php id Parameter
CVSS 7.2
CVE-2021-3817 CRITICAL
WBCE CMS < 1.5.2 - SQL Injection
CVSS 9.8
CVE-2021-41063 CRITICAL
Aanderaa GeoView Webservice <2.1.3 - SQL Injection
CVSS 9.8
CVE-2021-40861 HIGH
Genesys IWD 9.0.017.07 - SQL Injection
CVSS 7.2
CVE-2021-40860 HIGH
Genesys IWD <9.0.013.11 - SQL Injection
CVSS 7.2
CVE-2021-42760 HIGH
Fortinet FortiWLM < 8.6.1 - SQL Injection via Crafted Requests
CVSS 8.8
CVE-2021-40578 HIGH
Online Enrollment Management System <1.0 - SQL Injection
CVSS 7.2
CVE-2021-43789 HIGH
PrestaShop <1.7.8.2 - SQL Injection
CVSS 7.5
CVE-2021-42131 HIGH
Ivanti Avalanche < 6.3.3 - SQL Injection via Inforail Service
CVSS 8.8
CVE-2021-29114 CRITICAL
Esri ArcGIS Server < 10.9.0 - Unauthenticated SQL Injection via Feature Service Queries
CVSS 9.8
CVE-2021-31632 CRITICAL
b2evolution CMS 7.2.3 - SQL Injection via cfqueryparam Parameter
CVSS 9.8
CVE-2021-40313 HIGH
Piwigo v11.5 - SQL Injection via pwg_token Parameter
CVSS 8.8
CVE-2021-24943 CRITICAL
Events Calendar <2.7.6 - SQL Injection
CVSS 9.8
CVE-2021-24931 CRITICAL
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
CVSS 9.8
CVE-2021-24866 CRITICAL
WP Data Access <5.0.0 - SQL Injection
CVSS 9.8
CVE-2021-43035 CRITICAL
Kaseya Unitrends Backup Appliance <10.5.5 - SQL Injection
CVSS 9.8
CVE-2021-35414 CRITICAL
Chamilo LMS 1.11.0-1.11.16 - Unauthenticated SQL Injection via doc Parameter
CVSS 9.8
CVE-2021-44349 CRITICAL
TuziCMS 2.0.6 - SQL Injection via Download Controller id Parameter
CVSS 9.8
CVE-2021-44348 CRITICAL
TuziCMS 2.0.6 - SQL Injection via AdvertController id Parameter
CVSS 9.8
Details
Vulnerabilities 19,824
Exploit Likelihood High