CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,824 vulnerabilities with CWE-89
CVE-2021-33701
CRITICAL
SAP DMIS and S/4HANA - Authenticated SQL Injection via NDZT Tool Query Manipulation
CVSS 9.1
CVE-2021-23040
HIGH
BIG-IP AFM 12.1.0-12.1.5 - SQL Injection in Configuration Utility
CVSS 8.8
CVE-2021-38176
HIGH
SAP Landscape Transformation - NZDT ABAP Code Injection
CVSS 8.8
CVE-2021-33688
MEDIUM
SAP Business One - Authenticated SQL Injection
CVSS 4.3
CVE-2021-38833
CRITICAL
PHPGurukul AVMS <1.0 - SQL Injection
CVSS 9.8
CVE-2021-24728
HIGH
Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions < 2.4.2 - SQL Injection
CVSS 8.8
CVE-2021-24727
HIGH
StopBadBots WP <6.60 - Authenticated SQL Injection
CVSS 8.8
CVE-2021-24726
HIGH
WP Simple Booking Calendar <2.0.6 - SQL Injection
CVSS 8.8
CVE-2021-37422
CRITICAL
ManageEngine ADSelfService Plus <= 6111 - SQL Injection
CVSS 9.8
CVE-2021-38324
HIGH
SP Rental Manager <1.5.3 - SQL Injection
CVSS 8.2
CVE-2021-38727
CRITICAL
FUEL CMS 1.5.0 - SQL Injection via 'col' Parameter in Logs Endpoint
CVSS 9.8
CVE-2021-38723
HIGH
FUEL CMS 1.5.0 - SQL Injection via 'col' Parameter
CVSS 8.8
CVE-2021-40814
CRITICAL
Customer Photo Gallery < 2.9.4 - SQL Injection
CVSS 9.8
CVE-2021-38706
HIGH
ClinicCases 7.3.3 - SQL Injection via messages_load.php Parameter
CVSS 8.8
CVE-2021-38840
CRITICAL
Simple Water Refilling Station Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-24395
HIGH
Embed Youtube Video < 1.0 - SQL Injection via editid GET Parameter
CVSS 7.2
CVE-2021-24394
HIGH
Easy Testimonial Manager < 1.2.0 - SQL Injection via id GET Parameter
CVSS 7.2
CVE-2021-24393
HIGH
Comment Highlighter < 0.13 - SQL Injection via c GET Parameter
CVSS 7.2
CVE-2021-24392
HIGH
club-management-software < 1.0 - SQL Injection via id GET Parameter
CVSS 7.2
CVE-2021-24391
HIGH
Cashtomer < 1.0.0 - SQL Injection via editid GET Parameter
CVSS 8.8
CVE-2021-24390
HIGH
alipay < 3.7.2 - SQL Injection via proid GET Parameter
CVSS 7.2
CVE-2021-24303
HIGH
JiangQie Official Website Mini Program < 1.1.1 - SQL Injection via ID GET Parameter
CVSS 8.8
CVE-2021-39379
CRITICAL
openSIS 8.0 - SQL Injection via ResetUserInfo.php password_stn_id Parameter
CVSS 9.8
CVE-2021-39378
CRITICAL
openSIS 8.0 - SQL Injection via NamesList.php str Parameter
CVSS 9.8
CVE-2021-39377
CRITICAL
openSIS 8.0 - SQL Injection via index.php username parameter
CVSS 9.8
Details
Vulnerabilities
19,824
Exploit Likelihood
High