CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,824 vulnerabilities with CWE-89
CVE-2021-44347
CRITICAL
TuziCMS 2.0.6 - SQL Injection in GuestbookController
CVSS 9.8
CVE-2021-25784
HIGH
Taocms v2.5Beta5 - SQL Injection via Edit Article Function
CVSS 7.2
CVE-2021-25783
HIGH
Taocms v2.5Beta5 - SQL Injection via Article Search Function
CVSS 7.2
CVE-2021-44050
MEDIUM
CA Network Flow Analysis < 21.2.2 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-43679
CRITICAL
ecshop 2.7.3 - SQL Injection in api.php
CVSS 9.8
CVE-2021-43451
CRITICAL
PHPGURUKUL Employee Record Management System 1.2 - SQL Injection
CVSS 9.8
CVE-2021-44280
CRITICAL
attendance management system 1.0 - SQL Injection via makeSafe Function
CVSS 9.8
CVE-2021-36328
HIGH
Dell EMC Streaming Data Platform <1.3 - SQL Injection
CVSS 8.8
CVE-2021-41679
CRITICAL
openSIS 8.0 - SQL Injection via InputFinalGrades.php Period Parameter
CVSS 9.8
CVE-2021-41678
CRITICAL
openSIS 8.0 - SQL Injection via Staff.php staff[TITLE] Parameter
CVSS 9.8
CVE-2021-41677
CRITICAL
openSIS 8.0 - SQL Injection via Grade Parameter in GetStuListFnc.php
CVSS 9.8
CVE-2021-44427
CRITICAL
Rosariosis < 8.1.1 - SQL Injection
CVSS 9.8
CVE-2021-24915
CRITICAL
Contest Gallery WordPress <13.1.0.6 - SQL Injection
CVSS 9.8
CVE-2021-24889
HIGH
Ninja Forms Contact Form <3.6.4 - SQL Injection
CVSS 7.2
CVE-2021-24860
HIGH
BSK PDF Manager <3.1.2 - SQL Injection
CVSS 7.2
CVE-2021-24755
HIGH
myCred WordPress <2.3 - SQL Injection
CVSS 8.8
CVE-2021-24748
HIGH
Email Before Download WP <6.8 - SQL Injection
CVSS 8.8
CVE-2021-36807
HIGH
Sophos Unified Threat Management Up2Date < 9.708 - Authenticated SQL Injection
CVSS 8.8
CVE-2021-36916
HIGH
Hide My WP <= 6.2.3 - SQL Injection via Spoofed IP Address Headers
CVSS 8.6
CVE-2021-36300
MEDIUM
iDRAC9 <5.00.00.00 - Info Disclosure
CVSS 6.5
CVE-2021-36299
HIGH
Dell iDRAC9 <4.40.29.00-5.00.00.00 - SQL Injection
CVSS 7.1
CVE-2021-24877
HIGH
MainWP Child <4.1.8 - SQL Injection
CVSS 7.2
CVE-2021-3935
HIGH
pgbouncer < 1.16.1 - SQL Injection via Man-in-the-Middle Attack on Cert Authentication
CVSS 8.1
CVE-2021-43408
MEDIUM
Duplicate Post WordPress <1.1.9 - SQL Injection
CVSS 6.5
CVE-2021-44026
CRITICAL
KEV
Roundcube < 1.3.17 and 1.4.x < 1.4.12 - SQL Injection via Search Parameters
CVSS 9.8
Details
Vulnerabilities
19,824
Exploit Likelihood
High