CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,824 vulnerabilities with CWE-89
CVE-2021-33701 CRITICAL
SAP DMIS and S/4HANA - Authenticated SQL Injection via NDZT Tool Query Manipulation
CVSS 9.1
CVE-2021-23040 HIGH
BIG-IP AFM 12.1.0-12.1.5 - SQL Injection in Configuration Utility
CVSS 8.8
CVE-2021-38176 HIGH
SAP Landscape Transformation - NZDT ABAP Code Injection
CVSS 8.8
CVE-2021-33688 MEDIUM
SAP Business One - Authenticated SQL Injection
CVSS 4.3
CVE-2021-38833 CRITICAL
PHPGurukul AVMS <1.0 - SQL Injection
CVSS 9.8
CVE-2021-24728 HIGH
Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions < 2.4.2 - SQL Injection
CVSS 8.8
CVE-2021-24727 HIGH
StopBadBots WP <6.60 - Authenticated SQL Injection
CVSS 8.8
CVE-2021-24726 HIGH
WP Simple Booking Calendar <2.0.6 - SQL Injection
CVSS 8.8
CVE-2021-37422 CRITICAL
ManageEngine ADSelfService Plus <= 6111 - SQL Injection
CVSS 9.8
CVE-2021-38324 HIGH
SP Rental Manager <1.5.3 - SQL Injection
CVSS 8.2
CVE-2021-38727 CRITICAL
FUEL CMS 1.5.0 - SQL Injection via 'col' Parameter in Logs Endpoint
CVSS 9.8
CVE-2021-38723 HIGH
FUEL CMS 1.5.0 - SQL Injection via 'col' Parameter
CVSS 8.8
CVE-2021-40814 CRITICAL
Customer Photo Gallery < 2.9.4 - SQL Injection
CVSS 9.8
CVE-2021-38706 HIGH
ClinicCases 7.3.3 - SQL Injection via messages_load.php Parameter
CVSS 8.8
CVE-2021-38840 CRITICAL
Simple Water Refilling Station Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-24395 HIGH
Embed Youtube Video < 1.0 - SQL Injection via editid GET Parameter
CVSS 7.2
CVE-2021-24394 HIGH
Easy Testimonial Manager < 1.2.0 - SQL Injection via id GET Parameter
CVSS 7.2
CVE-2021-24393 HIGH
Comment Highlighter < 0.13 - SQL Injection via c GET Parameter
CVSS 7.2
CVE-2021-24392 HIGH
club-management-software < 1.0 - SQL Injection via id GET Parameter
CVSS 7.2
CVE-2021-24391 HIGH
Cashtomer < 1.0.0 - SQL Injection via editid GET Parameter
CVSS 8.8
CVE-2021-24390 HIGH
alipay < 3.7.2 - SQL Injection via proid GET Parameter
CVSS 7.2
CVE-2021-24303 HIGH
JiangQie Official Website Mini Program < 1.1.1 - SQL Injection via ID GET Parameter
CVSS 8.8
CVE-2021-39379 CRITICAL
openSIS 8.0 - SQL Injection via ResetUserInfo.php password_stn_id Parameter
CVSS 9.8
CVE-2021-39378 CRITICAL
openSIS 8.0 - SQL Injection via NamesList.php str Parameter
CVSS 9.8
CVE-2021-39377 CRITICAL
openSIS 8.0 - SQL Injection via index.php username parameter
CVSS 9.8
Details
Vulnerabilities 19,824
Exploit Likelihood High