CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-24465 HIGH
Meow Gallery < 4.1.9 - Authenticated SQL Injection via Gallery Shortcode ids Attribute
CVSS 8.1
CVE-2021-41845 MEDIUM
Thycotic Secret Server 10.9.000032-11.0.000006 - SQL Injection
CVSS 6.5
CVE-2021-41647 CRITICAL
Online Food Ordering Web App 1.0 - Unauthenticated SQL Injection via Login Username Parameter
CVSS 9.1
CVE-2021-41649 CRITICAL
online-shopping-system-advanced - Unauthenticated SQL Injection via cat_id Parameter
CVSS 9.8
CVE-2021-41648 HIGH
online-shopping-system-advanced - Unauthenticated SQL Injection via action.php prId Parameter
CVSS 7.5
CVE-2021-41288 CRITICAL
Zoho ManageEngine OpManager <125466 - SQL Injection
CVSS 9.8
CVE-2021-38303 CRITICAL
Sureline SUREedge Migrator <7.0.7.29360 - SQL Injection
CVSS 9.8
CVE-2021-36880 HIGH
uListing <= 2.0.3 - Unauthenticated SQL Injection via Custom Parameter
CVSS 8.6
CVE-2021-24666 CRITICAL
Podlove Podcast Publisher < 3.5.6 - SQL Injection via Social & Donations Module REST Route
CVSS 9.8
CVE-2021-40309 HIGH
OpenSIS 8.0 - Authenticated SQL Injection via cp_id_miss_attn Parameter
CVSS 8.8
CVE-2021-40674 CRITICAL
wuzhicms v4.1.0 - SQL Injection via KeyValue Parameter
CVSS 9.8
CVE-2021-24741 CRITICAL
Support Board WordPress <3.3.4 - SQL Injection
CVSS 9.8
CVE-2021-24606 HIGH
Availability Calendar < 1.2.1 - SQL Injection via Shortcode Category Attribute
CVSS 8.8
CVE-2021-24511 HIGH
Product Feed on WooCommerce < 3.3.1.0 - SQL Injection via product_id POST Parameter
CVSS 7.2
CVE-2021-24404 HIGH
WP-Board < 1.1 - SQL Injection via options.php postid Parameter
CVSS 8.8
CVE-2021-24403 HIGH
Wpagecontact < 1.0 - SQL Injection
CVSS 7.2
CVE-2021-24402 HIGH
WP iCommerce < 1.1.1 - SQL Injection via Orders order_id Parameter
CVSS 7.2
CVE-2021-24401 HIGH
WP Domain Redirect < 1.0 - SQL Injection via Edit Domain editid Parameter
CVSS 7.2
CVE-2021-24400 HIGH
Display Users < 2.0.0 - SQL Injection via Edit Role ID Parameter
CVSS 7.2
CVE-2021-24399 HIGH
The Sorter WordPress Plugin < 1.0 - SQL Injection via area_id Parameter
CVSS 7.2
CVE-2021-24398 HIGH
Responsive 3D Slider < 1.2 - SQL Injection via Add New Scene ID Parameter
CVSS 7.2
CVE-2021-24397 HIGH
MicroCopy < 1.1.0 - SQL Injection via ID Parameter
CVSS 7.2
CVE-2021-24396 HIGH
GSEOR - WordPress SEO Plugin < 1.3 - SQL Injection via Pageid GET Parameter
CVSS 7.2
CVE-2021-40670 CRITICAL
Wuzhi CMS 4.1.0 - SQL Injection
CVSS 9.8
CVE-2021-40669 CRITICAL
Wuzhi CMS 4.1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,824
Exploit Likelihood High