CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,824 vulnerabilities with CWE-89
CVE-2021-40129
MEDIUM
Cisco Common Services Platform Collector < 2.9.1.1 - Authenticated SQL Injection via File Upload
CVSS 4.9
CVE-2021-41931
CRITICAL
Recruitment Management System - SQL Injection via id Parameter
CVSS 9.8
CVE-2021-24847
HIGH
SEO Redirection Plugin <8.2 - SQL Injection
CVSS 8.8
CVE-2021-24772
HIGH
Stream WordPress <3.8.2 - SQL Injection
CVSS 8.8
CVE-2021-24758
HIGH
Email Log WP <2.4.7 - SQL Injection
CVSS 8.8
CVE-2021-43362
CRITICAL
MedData HBYS < 1.1 - SQL Injection
CVSS 9.9
CVE-2021-43361
CRITICAL
MedData HBYS < 1.1 - SQL Injection
CVSS 9.9
CVE-2021-3958
CRITICAL
Ipack SCADA Software < 1.1.0 - Blind SQL Injection
CVSS 9.8
CVE-2021-42580
CRITICAL
Online Learning System 2.0 - SQL Injection Authentication Bypass and Authenticated File Upload
CVSS 9.8
CVE-2021-41765
CRITICAL
ResourceSpace 9.5-9.6 < rev 18274 - Unauthenticated SQL Injection via k Parameter
CVSS 9.8
CVE-2021-26795
HIGH
TalariaX sendQuick Alert Plus Server Admin < 4.3 - SQL Injection via Roster Time Parameter
CVSS 8.8
CVE-2021-41081
CRITICAL
Zoho ManageEngine Network Config Mgr <125465 - SQL Injection
CVSS 9.8
CVE-2021-41080
CRITICAL
Zoho ManageEngine Network Config Mgr <125465 - SQL Injection
CVSS 9.8
CVE-2021-24844
HIGH
WordPress Affiliates Manager <2.8.7 - SQL Injection
CVSS 7.2
CVE-2021-24835
HIGH
WCFM - Frontend Manager <6.5.12 - SQL Injection
CVSS 8.8
CVE-2021-24829
HIGH
Visitor Traffic Real Time Statistics < 3.9 - Authenticated SQL Injection via today_traffic_index AJAX Action
CVSS 8.8
CVE-2021-24827
CRITICAL
Asgaros Forum WP <1.15.13 - SQL Injection
CVSS 9.8
CVE-2021-24791
HIGH
Header Footer Code Manager <1.1.14 - SQL Injection
CVSS 7.2
CVE-2021-24731
CRITICAL
WordPress Plugin <3.7.1.6 - SQL Injection
CVSS 9.8
CVE-2021-24669
HIGH
MAZ Loader < 1.3.3 - Authenticated SQL Injection via loader_id Parameter
CVSS 8.8
CVE-2021-24631
HIGH
Unlimited PopUps < 4.5.3 - Authenticated SQL Injection via did GET Parameter
CVSS 8.8
CVE-2021-24630
HIGH
Schreikasten < 0.14.18 - Authenticated SQL Injection via id GET Parameter
CVSS 8.8
CVE-2021-24629
HIGH
Post Content XMLRPC < 1.0 - Authenticated SQL Injection via GET/POST Parameters
CVSS 7.2
CVE-2021-24628
HIGH
Wow Forms < 3.1.3 - Authenticated SQL Injection via 'did' GET Parameter
CVSS 7.2
CVE-2021-24627
HIGH
G Auto-Hyperlink < 1.0.1 - Authenticated SQL Injection via ID GET Parameter
CVSS 7.2
Details
Vulnerabilities
19,824
Exploit Likelihood
High