CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-37807 HIGH
Online Shopping Portal 3.1 - SQL Injection via Email Parameter
CVSS 7.5
CVE-2021-37806 MEDIUM
phpgurukul Vehicle Parking Management System 1.0 - SQL Injection via editid, viewid, or catename Parameters
CVSS 5.9
CVE-2021-37803 HIGH
Sourcecodester Online Covid Vaccination Scheduler System 1.0 - SQL Injection via Username Parameter
CVSS 8.1
CVE-2021-37371 CRITICAL
Online Student Admission System 1.0 - Unauthenticated SQL Injection in /admin/login.php
CVSS 9.8
CVE-2021-26609 HIGH
Mangboard < 2.0.0 - SQL Injection via order_type Parameter
CVSS 7.5
CVE-2021-24774 HIGH
WordPress Plugin <1.0.3 - SQL Injection
CVSS 7.2
CVE-2021-24769 HIGH
Permalink Manager Lite <2.2.13.1 - SQL Injection
CVSS 7.2
CVE-2021-24662 HIGH
Game Server Status WordPress Plugin < 1.0 - Authenticated SQL Injection via server_id Parameter
CVSS 7.2
CVE-2021-42258 CRITICAL KEV
BQE BillQuick Web Suite 2018-2021 < 22.0.9.1 - Unauthenticated SQL Injection via txtID Parameter
CVSS 9.8
CVE-2021-42169 CRITICAL
Simple Payroll System with Dynamic Tax Bracket - SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2021-38481 HIGH
versiondog < 8.0.0 - SQL Injection via Scheduler Service JOB ID Parameter
CVSS 8.1
CVE-2021-41155 HIGH
Tuleap <11.17.99.146 - SQL Injection
CVSS 8.8
CVE-2021-41154 HIGH
Tuleap <11.17.99.144 - SQL Injection
CVSS 8.8
CVE-2021-41971 HIGH
Apache Superset <= 1.3.0 - Authenticated SQL Injection via Custom URL
CVSS 8.8
CVE-2021-24754 HIGH
MainWP Child Reports <2.0.8 - SQL Injection
CVSS 7.2
CVE-2021-40993 HIGH
Aruba ClearPass Policy Manager 6.8.0-6.8.8, 6.9.0-6.9.6, 6.10.0-6.10.1 - SQL Injection
CVSS 8.1
CVE-2021-41148 HIGH
Tuleap <11.16.99.173 & <11.16-6 & <11.15-8 - SQL Injection
CVSS 8.8
CVE-2021-41147 HIGH
Tuleap <11.16.99.173 & <11.16-6 & <11.15-8 - SQL Injection
CVSS 7.2
CVE-2021-40992 HIGH
Aruba ClearPass Policy Manager 6.8.0-6.8.8, 6.9.0-6.9.6, 6.10.0-6.10.1 - SQL Injection
CVSS 7.2
CVE-2021-37737 HIGH
Aruba ClearPass Policy Manager 6.8.0-6.8.8 - SQL Injection
CVSS 8.8
CVE-2021-42334 HIGH
Easytest Online Learning Test Platform - Authenticated SQL Injection via Elective Course Management Parameters
CVSS 8.8
CVE-2021-42333 HIGH
Easytest Online Learning Test Platform - Authenticated SQL Injection via Learning History Page Parameters
CVSS 8.8
CVE-2021-42369 CRITICAL
Imagicle Application Suite for Cisco UC < 2021.summer.2 - Authenticated SQL Injection via Contact Manager CSV Export
CVSS 9.9
CVE-2021-33177 HIGH
Nagios XI < 5.8.5 - Authenticated SQL Injection via Bulk Modifications
CVSS 8.8
CVE-2021-41075 CRITICAL
Zoho ManageEngine OpManger <125455 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,824
Exploit Likelihood High