CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,831 vulnerabilities with CWE-89
CVE-2021-24392
HIGH
club-management-software < 1.0 - SQL Injection via id GET Parameter
CVSS 7.2
CVE-2021-24391
HIGH
Cashtomer < 1.0.0 - SQL Injection via editid GET Parameter
CVSS 8.8
CVE-2021-24390
HIGH
alipay < 3.7.2 - SQL Injection via proid GET Parameter
CVSS 7.2
CVE-2021-24303
HIGH
JiangQie Official Website Mini Program < 1.1.1 - SQL Injection via ID GET Parameter
CVSS 8.8
CVE-2021-39379
CRITICAL
openSIS 8.0 - SQL Injection via ResetUserInfo.php password_stn_id Parameter
CVSS 9.8
CVE-2021-39378
CRITICAL
openSIS 8.0 - SQL Injection via NamesList.php str Parameter
CVSS 9.8
CVE-2021-39377
CRITICAL
openSIS 8.0 - SQL Injection via index.php username parameter
CVSS 9.8
CVE-2021-40353
CRITICAL
openSIS 8.0 - SQL Injection via index.php USERNAME Parameter
CVSS 9.8
CVE-2021-35212
HIGH
Orion Platform - Privilege Escalation
CVSS 8.9
CVE-2021-38145
CRITICAL
Form Tools <3.0.20 - SQL Injection
CVSS 9.8
CVE-2021-38393
CRITICAL
Delta Electronics DIAEnergie <1.7.5 - SQL Injection
CVSS 9.8
CVE-2021-38391
CRITICAL
Delta Electronics DIAEnergie <1.7.5 - SQL Injection
CVSS 9.8
CVE-2021-38390
CRITICAL
Delta Electronics DIAEnergie <1.7.5 - SQL Injection
CVSS 9.8
CVE-2021-32983
CRITICAL
Delta Electronics DIAEnergie <1.7.5 - SQL Injection
CVSS 9.8
CVE-2021-24580
HIGH
Side Menu Lite WordPress Plugin < 2.2.6 - Authenticated SQL Injection via Admin Dashboard List Page
CVSS 8.8
CVE-2021-37749
CRITICAL
Hexagon GeoMedia WebMap < 16.6.2.66 - Blind SQL Injection via MapService.svc GetMap Id Parameter
CVSS 9.8
CVE-2021-3264
HIGH
cxuucms 3.1 - SQL Injection via pid Parameter
CVSS 7.2
CVE-2021-39165
HIGH
Cachet <= 2.3.18 - Unauthenticated SQL Injection via SearchableTrait
CVSS 8.1
CVE-2021-39376
HIGH
Philips Tasy Electronic Medical Record 3.06 - SQL Injection via CorCad_F2/executaConsultaEspecifico Parameters
CVSS 8.8
CVE-2021-39375
HIGH
Philips Tasy Electronic Medical Record 3.06 - SQL Injection via WAdvancedFilter FilterValue Parameter
CVSS 8.8
CVE-2021-37538
CRITICAL
SmartDataSoft SmartBlog < 4.06 - Unauthenticated SQL Injection via Archive or Category Parameters
CVSS 9.8
CVE-2021-36385
CRITICAL
Cerner Mobile Care 5.0.0 - SQL Injection
CVSS 9.8
CVE-2021-24557
HIGH
m-vslider < 2.1.3 - Authenticated SQL Injection via rs_id Parameter
CVSS 7.2
CVE-2021-24555
HIGH
diary-availability-calendar < 1.0.3 - Authenticated SQL Injection via daac_delete_booking AJAX Action
CVSS 8.8
CVE-2021-24554
HIGH
Paytm - Donation Plugin < 1.3.2 - Authenticated SQL Injection via id GET Parameter
CVSS 7.2
Details
Vulnerabilities
19,831
Exploit Likelihood
High