CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-44347 CRITICAL
TuziCMS 2.0.6 - SQL Injection in GuestbookController
CVSS 9.8
CVE-2021-25784 HIGH
Taocms v2.5Beta5 - SQL Injection via Edit Article Function
CVSS 7.2
CVE-2021-25783 HIGH
Taocms v2.5Beta5 - SQL Injection via Article Search Function
CVSS 7.2
CVE-2021-44050 MEDIUM
CA Network Flow Analysis < 21.2.2 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-43679 CRITICAL
ecshop 2.7.3 - SQL Injection in api.php
CVSS 9.8
CVE-2021-43451 CRITICAL
PHPGURUKUL Employee Record Management System 1.2 - SQL Injection
CVSS 9.8
CVE-2021-44280 CRITICAL
attendance management system 1.0 - SQL Injection via makeSafe Function
CVSS 9.8
CVE-2021-36328 HIGH
Dell EMC Streaming Data Platform <1.3 - SQL Injection
CVSS 8.8
CVE-2021-41679 CRITICAL
openSIS 8.0 - SQL Injection via InputFinalGrades.php Period Parameter
CVSS 9.8
CVE-2021-41678 CRITICAL
openSIS 8.0 - SQL Injection via Staff.php staff[TITLE] Parameter
CVSS 9.8
CVE-2021-41677 CRITICAL
openSIS 8.0 - SQL Injection via Grade Parameter in GetStuListFnc.php
CVSS 9.8
CVE-2021-44427 CRITICAL
Rosariosis < 8.1.1 - SQL Injection
CVSS 9.8
CVE-2021-24915 CRITICAL
Contest Gallery WordPress <13.1.0.6 - SQL Injection
CVSS 9.8
CVE-2021-24889 HIGH
Ninja Forms Contact Form <3.6.4 - SQL Injection
CVSS 7.2
CVE-2021-24860 HIGH
BSK PDF Manager <3.1.2 - SQL Injection
CVSS 7.2
CVE-2021-24755 HIGH
myCred WordPress <2.3 - SQL Injection
CVSS 8.8
CVE-2021-24748 HIGH
Email Before Download WP <6.8 - SQL Injection
CVSS 8.8
CVE-2021-36807 HIGH
Sophos Unified Threat Management Up2Date < 9.708 - Authenticated SQL Injection
CVSS 8.8
CVE-2021-36916 HIGH
Hide My WP <= 6.2.3 - SQL Injection via Spoofed IP Address Headers
CVSS 8.6
CVE-2021-36300 MEDIUM
iDRAC9 <5.00.00.00 - Info Disclosure
CVSS 6.5
CVE-2021-36299 HIGH
Dell iDRAC9 <4.40.29.00-5.00.00.00 - SQL Injection
CVSS 7.1
CVE-2021-24877 HIGH
MainWP Child <4.1.8 - SQL Injection
CVSS 7.2
CVE-2021-3935 HIGH
pgbouncer < 1.16.1 - SQL Injection via Man-in-the-Middle Attack on Cert Authentication
CVSS 8.1
CVE-2021-43408 MEDIUM
Duplicate Post WordPress <1.1.9 - SQL Injection
CVSS 6.5
CVE-2021-44026 CRITICAL KEV
Roundcube < 1.3.17 and 1.4.x < 1.4.12 - SQL Injection via Search Parameters
CVSS 9.8
Details
Vulnerabilities 19,824
Exploit Likelihood High