CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,824 vulnerabilities with CWE-89
CVE-2021-24747
HIGH
SEO Booster <3.8 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-43608
CRITICAL
Doctrine DBAL 3.x <3.1.4 - SQL Injection
CVSS 9.8
CVE-2021-40282
HIGH
zzcms 8.2, 8.3, 2020, 2021 - SQL Injection in dl/dl_download.php
CVSS 8.8
CVE-2021-40281
HIGH
zzcms 8.2, 8.3, 2020, 2021 - SQL Injection via dl/dl_print.php
CVSS 8.8
CVE-2021-41695
CRITICAL
Premiumdatingscript 4.2.7.7 - SQL Injection via IP Parameter
CVSS 9.8
CVE-2021-40280
HIGH
zzcms 8.2, 8.3, 2020, 2021 - SQL Injection via id Parameter in admin/dl_sendmail.php
CVSS 7.2
CVE-2021-40279
HIGH
zzcms 8.2, 8.3, 2020, 2021 - SQL Injection via admin/bad.php id Parameter
CVSS 7.2
CVE-2021-3817
CRITICAL
WBCE CMS < 1.5.2 - SQL Injection
CVSS 9.8
CVE-2021-41063
CRITICAL
Aanderaa GeoView Webservice <2.1.3 - SQL Injection
CVSS 9.8
CVE-2021-40861
HIGH
Genesys IWD 9.0.017.07 - SQL Injection
CVSS 7.2
CVE-2021-40860
HIGH
Genesys IWD <9.0.013.11 - SQL Injection
CVSS 7.2
CVE-2021-42760
HIGH
Fortinet FortiWLM < 8.6.1 - SQL Injection via Crafted Requests
CVSS 8.8
CVE-2021-40578
HIGH
Online Enrollment Management System <1.0 - SQL Injection
CVSS 7.2
CVE-2021-43789
HIGH
PrestaShop <1.7.8.2 - SQL Injection
CVSS 7.5
CVE-2021-42131
HIGH
Ivanti Avalanche < 6.3.3 - SQL Injection via Inforail Service
CVSS 8.8
CVE-2021-29114
CRITICAL
Esri ArcGIS Server < 10.9.0 - Unauthenticated SQL Injection via Feature Service Queries
CVSS 9.8
CVE-2021-31632
CRITICAL
b2evolution CMS 7.2.3 - SQL Injection via cfqueryparam Parameter
CVSS 9.8
CVE-2021-40313
HIGH
Piwigo v11.5 - SQL Injection via pwg_token Parameter
CVSS 8.8
CVE-2021-24943
CRITICAL
Events Calendar <2.7.6 - SQL Injection
CVSS 9.8
CVE-2021-24931
CRITICAL
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
CVSS 9.8
CVE-2021-24866
CRITICAL
WP Data Access <5.0.0 - SQL Injection
CVSS 9.8
CVE-2021-43035
CRITICAL
Kaseya Unitrends Backup Appliance <10.5.5 - SQL Injection
CVSS 9.8
CVE-2021-35414
CRITICAL
Chamilo LMS 1.11.0-1.11.16 - Unauthenticated SQL Injection via doc Parameter
CVSS 9.8
CVE-2021-44349
CRITICAL
TuziCMS 2.0.6 - SQL Injection via Download Controller id Parameter
CVSS 9.8
CVE-2021-44348
CRITICAL
TuziCMS 2.0.6 - SQL Injection via AdvertController id Parameter
CVSS 9.8
Details
Vulnerabilities
19,824
Exploit Likelihood
High