CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,824 vulnerabilities with CWE-89
CVE-2021-37807
HIGH
Online Shopping Portal 3.1 - SQL Injection via Email Parameter
CVSS 7.5
CVE-2021-37806
MEDIUM
phpgurukul Vehicle Parking Management System 1.0 - SQL Injection via editid, viewid, or catename Parameters
CVSS 5.9
CVE-2021-37803
HIGH
Sourcecodester Online Covid Vaccination Scheduler System 1.0 - SQL Injection via Username Parameter
CVSS 8.1
CVE-2021-37371
CRITICAL
Online Student Admission System 1.0 - Unauthenticated SQL Injection in /admin/login.php
CVSS 9.8
CVE-2021-26609
HIGH
Mangboard < 2.0.0 - SQL Injection via order_type Parameter
CVSS 7.5
CVE-2021-24774
HIGH
WordPress Plugin <1.0.3 - SQL Injection
CVSS 7.2
CVE-2021-24769
HIGH
Permalink Manager Lite <2.2.13.1 - SQL Injection
CVSS 7.2
CVE-2021-24662
HIGH
Game Server Status WordPress Plugin < 1.0 - Authenticated SQL Injection via server_id Parameter
CVSS 7.2
CVE-2021-42258
CRITICAL
KEV
BQE BillQuick Web Suite 2018-2021 < 22.0.9.1 - Unauthenticated SQL Injection via txtID Parameter
CVSS 9.8
CVE-2021-42169
CRITICAL
Simple Payroll System with Dynamic Tax Bracket - SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2021-38481
HIGH
versiondog < 8.0.0 - SQL Injection via Scheduler Service JOB ID Parameter
CVSS 8.1
CVE-2021-41155
HIGH
Tuleap <11.17.99.146 - SQL Injection
CVSS 8.8
CVE-2021-41154
HIGH
Tuleap <11.17.99.144 - SQL Injection
CVSS 8.8
CVE-2021-41971
HIGH
Apache Superset <= 1.3.0 - Authenticated SQL Injection via Custom URL
CVSS 8.8
CVE-2021-24754
HIGH
MainWP Child Reports <2.0.8 - SQL Injection
CVSS 7.2
CVE-2021-40993
HIGH
Aruba ClearPass Policy Manager 6.8.0-6.8.8, 6.9.0-6.9.6, 6.10.0-6.10.1 - SQL Injection
CVSS 8.1
CVE-2021-41148
HIGH
Tuleap <11.16.99.173 & <11.16-6 & <11.15-8 - SQL Injection
CVSS 8.8
CVE-2021-41147
HIGH
Tuleap <11.16.99.173 & <11.16-6 & <11.15-8 - SQL Injection
CVSS 7.2
CVE-2021-40992
HIGH
Aruba ClearPass Policy Manager 6.8.0-6.8.8, 6.9.0-6.9.6, 6.10.0-6.10.1 - SQL Injection
CVSS 7.2
CVE-2021-37737
HIGH
Aruba ClearPass Policy Manager 6.8.0-6.8.8 - SQL Injection
CVSS 8.8
CVE-2021-42334
HIGH
Easytest Online Learning Test Platform - Authenticated SQL Injection via Elective Course Management Parameters
CVSS 8.8
CVE-2021-42333
HIGH
Easytest Online Learning Test Platform - Authenticated SQL Injection via Learning History Page Parameters
CVSS 8.8
CVE-2021-42369
CRITICAL
Imagicle Application Suite for Cisco UC < 2021.summer.2 - Authenticated SQL Injection via Contact Manager CSV Export
CVSS 9.9
CVE-2021-33177
HIGH
Nagios XI < 5.8.5 - Authenticated SQL Injection via Bulk Modifications
CVSS 8.8
CVE-2021-41075
CRITICAL
Zoho ManageEngine OpManger <125455 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,824
Exploit Likelihood
High