CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,824 vulnerabilities with CWE-89
CVE-2021-24626
HIGH
Chameleon CSS < 1.2 - Authenticated Cross-Site Request Forgery and SQL Injection via AJAX Calls
CVSS 8.8
CVE-2021-24625
HIGH
SpiderCatalog < 1.7.3 - Authenticated SQL Injection via Parent and Ordering Parameters
CVSS 7.2
CVE-2021-24575
HIGH
WPSchoolPress < 2.1.10 - Authenticated SQL Injection via POST Variable
CVSS 8.8
CVE-2021-28022
HIGH
ServiceTonic Helpdesk < 9.0.35937 - SQL Injection
CVSS 7.5
CVE-2021-42077
CRITICAL
PHP Event Calendar < 2021-09-03 - SQL Injection via User Manager Username Parameter
CVSS 9.8
CVE-2021-34684
CRITICAL
Hitachi Vantara Pentaho < 9.1.0.0 - Unauthenticated SQL Injection via Dashboard Editor API
CVSS 9.8
CVE-2021-42670
CRITICAL
Engineers Online Portal - SQL Injection via Announcements Student ID Parameter
CVSS 9.8
CVE-2021-42668
CRITICAL
Engineers Online Portal - SQL Injection via id Parameter in my_classmates.php
CVSS 9.8
CVE-2021-42667
CRITICAL
Sourcecodester Online Event Booking and Reservation System - SQL Injection in Event Management Views
CVSS 9.8
CVE-2021-42666
HIGH
Sourcecodester Engineers Online Portal - SQL Injection via Quiz Question ID Parameter
CVSS 8.8
CVE-2021-42665
CRITICAL
Engineers Online Portal - SQL Injection via Login Form
CVSS 9.8
CVE-2021-41492
CRITICAL
Simple Cashiering System 1.0 - SQL Injection via Product Code, id Parameter, or t Parameter
CVSS 9.8
CVE-2021-43140
CRITICAL
Simple Subscription Website 1.0 - SQL Injection via Login
CVSS 9.8
CVE-2021-43130
CRITICAL
Sourcecodester CRM 1.0 - SQL Injection
CVSS 9.8
CVE-2021-36184
HIGH
Fortinet FortiWLM <8.6.1 - SQL Injection
CVSS 8.8
CVE-2021-41187
HIGH
DHIS 2 2.32.0-2.32.6 - Authenticated SQL Injection via Tracked Entity and Events API Endpoints
CVSS 8.1
CVE-2021-31849
HIGH
McAfee Data Loss Prevention Endpoint 11.6.0-11.6.400 - Authenticated SQL Injection via User Management Section
CVSS 8.4
CVE-2021-26739
CRITICAL
doyocms 2.3 - SQL Injection via pay.php Attribute Parameter
CVSS 9.8
CVE-2021-25874
HIGH
youphptube < 10.0 - Unauthenticated SQL Injection via catName Parameter
CVSS 7.5
CVE-2021-27644
HIGH
Apache DolphinScheduler <1.3.6 - SQL Injection
CVSS 8.8
CVE-2021-41746
HIGH
Yonyou TurboCRM - SQL Injection via orgcode Parameter
CVSS 7.5
CVE-2021-41676
CRITICAL
Pharmacy Point of Sale System 1.0 - SQL Injection in Login Function
CVSS 9.8
CVE-2021-41674
CRITICAL
e-negosyo_system - SQL Injection via user_email Parameter
CVSS 9.8
CVE-2021-39179
HIGH
DHIS2 2.32.0-2.32.6 - Authenticated SQL Injection via Tracker API Endpoints
CVSS 8.8
CVE-2021-37808
MEDIUM
News Portal Project 3.1 - SQL Injection via Category Subcategory Sucatdescription Username Parameters
CVSS 5.9
Details
Vulnerabilities
19,824
Exploit Likelihood
High