CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-40129 MEDIUM
Cisco Common Services Platform Collector < 2.9.1.1 - Authenticated SQL Injection via File Upload
CVSS 4.9
CVE-2021-41931 CRITICAL
Recruitment Management System - SQL Injection via id Parameter
CVSS 9.8
CVE-2021-24847 HIGH
SEO Redirection Plugin <8.2 - SQL Injection
CVSS 8.8
CVE-2021-24772 HIGH
Stream WordPress <3.8.2 - SQL Injection
CVSS 8.8
CVE-2021-24758 HIGH
Email Log WP <2.4.7 - SQL Injection
CVSS 8.8
CVE-2021-43362 CRITICAL
MedData HBYS < 1.1 - SQL Injection
CVSS 9.9
CVE-2021-43361 CRITICAL
MedData HBYS < 1.1 - SQL Injection
CVSS 9.9
CVE-2021-3958 CRITICAL
Ipack SCADA Software < 1.1.0 - Blind SQL Injection
CVSS 9.8
CVE-2021-42580 CRITICAL
Online Learning System 2.0 - SQL Injection Authentication Bypass and Authenticated File Upload
CVSS 9.8
CVE-2021-41765 CRITICAL
ResourceSpace 9.5-9.6 < rev 18274 - Unauthenticated SQL Injection via k Parameter
CVSS 9.8
CVE-2021-26795 HIGH
TalariaX sendQuick Alert Plus Server Admin < 4.3 - SQL Injection via Roster Time Parameter
CVSS 8.8
CVE-2021-41081 CRITICAL
Zoho ManageEngine Network Config Mgr <125465 - SQL Injection
CVSS 9.8
CVE-2021-41080 CRITICAL
Zoho ManageEngine Network Config Mgr <125465 - SQL Injection
CVSS 9.8
CVE-2021-24844 HIGH
WordPress Affiliates Manager <2.8.7 - SQL Injection
CVSS 7.2
CVE-2021-24835 HIGH
WCFM - Frontend Manager <6.5.12 - SQL Injection
CVSS 8.8
CVE-2021-24829 HIGH
Visitor Traffic Real Time Statistics < 3.9 - Authenticated SQL Injection via today_traffic_index AJAX Action
CVSS 8.8
CVE-2021-24827 CRITICAL
Asgaros Forum WP <1.15.13 - SQL Injection
CVSS 9.8
CVE-2021-24791 HIGH
Header Footer Code Manager <1.1.14 - SQL Injection
CVSS 7.2
CVE-2021-24731 CRITICAL
WordPress Plugin <3.7.1.6 - SQL Injection
CVSS 9.8
CVE-2021-24669 HIGH
MAZ Loader < 1.3.3 - Authenticated SQL Injection via loader_id Parameter
CVSS 8.8
CVE-2021-24631 HIGH
Unlimited PopUps < 4.5.3 - Authenticated SQL Injection via did GET Parameter
CVSS 8.8
CVE-2021-24630 HIGH
Schreikasten < 0.14.18 - Authenticated SQL Injection via id GET Parameter
CVSS 8.8
CVE-2021-24629 HIGH
Post Content XMLRPC < 1.0 - Authenticated SQL Injection via GET/POST Parameters
CVSS 7.2
CVE-2021-24628 HIGH
Wow Forms < 3.1.3 - Authenticated SQL Injection via 'did' GET Parameter
CVSS 7.2
CVE-2021-24627 HIGH
G Auto-Hyperlink < 1.0.1 - Authenticated SQL Injection via ID GET Parameter
CVSS 7.2
Details
Vulnerabilities 19,824
Exploit Likelihood High