CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,831 vulnerabilities with CWE-89
CVE-2021-24392 HIGH
club-management-software < 1.0 - SQL Injection via id GET Parameter
CVSS 7.2
CVE-2021-24391 HIGH
Cashtomer < 1.0.0 - SQL Injection via editid GET Parameter
CVSS 8.8
CVE-2021-24390 HIGH
alipay < 3.7.2 - SQL Injection via proid GET Parameter
CVSS 7.2
CVE-2021-24303 HIGH
JiangQie Official Website Mini Program < 1.1.1 - SQL Injection via ID GET Parameter
CVSS 8.8
CVE-2021-39379 CRITICAL
openSIS 8.0 - SQL Injection via ResetUserInfo.php password_stn_id Parameter
CVSS 9.8
CVE-2021-39378 CRITICAL
openSIS 8.0 - SQL Injection via NamesList.php str Parameter
CVSS 9.8
CVE-2021-39377 CRITICAL
openSIS 8.0 - SQL Injection via index.php username parameter
CVSS 9.8
CVE-2021-40353 CRITICAL
openSIS 8.0 - SQL Injection via index.php USERNAME Parameter
CVSS 9.8
CVE-2021-35212 HIGH
Orion Platform - Privilege Escalation
CVSS 8.9
CVE-2021-38145 CRITICAL
Form Tools <3.0.20 - SQL Injection
CVSS 9.8
CVE-2021-38393 CRITICAL
Delta Electronics DIAEnergie <1.7.5 - SQL Injection
CVSS 9.8
CVE-2021-38391 CRITICAL
Delta Electronics DIAEnergie <1.7.5 - SQL Injection
CVSS 9.8
CVE-2021-38390 CRITICAL
Delta Electronics DIAEnergie <1.7.5 - SQL Injection
CVSS 9.8
CVE-2021-32983 CRITICAL
Delta Electronics DIAEnergie <1.7.5 - SQL Injection
CVSS 9.8
CVE-2021-24580 HIGH
Side Menu Lite WordPress Plugin < 2.2.6 - Authenticated SQL Injection via Admin Dashboard List Page
CVSS 8.8
CVE-2021-37749 CRITICAL
Hexagon GeoMedia WebMap < 16.6.2.66 - Blind SQL Injection via MapService.svc GetMap Id Parameter
CVSS 9.8
CVE-2021-3264 HIGH
cxuucms 3.1 - SQL Injection via pid Parameter
CVSS 7.2
CVE-2021-39165 HIGH
Cachet <= 2.3.18 - Unauthenticated SQL Injection via SearchableTrait
CVSS 8.1
CVE-2021-39376 HIGH
Philips Tasy Electronic Medical Record 3.06 - SQL Injection via CorCad_F2/executaConsultaEspecifico Parameters
CVSS 8.8
CVE-2021-39375 HIGH
Philips Tasy Electronic Medical Record 3.06 - SQL Injection via WAdvancedFilter FilterValue Parameter
CVSS 8.8
CVE-2021-37538 CRITICAL
SmartDataSoft SmartBlog < 4.06 - Unauthenticated SQL Injection via Archive or Category Parameters
CVSS 9.8
CVE-2021-36385 CRITICAL
Cerner Mobile Care 5.0.0 - SQL Injection
CVSS 9.8
CVE-2021-24557 HIGH
m-vslider < 2.1.3 - Authenticated SQL Injection via rs_id Parameter
CVSS 7.2
CVE-2021-24555 HIGH
diary-availability-calendar < 1.0.3 - Authenticated SQL Injection via daac_delete_booking AJAX Action
CVSS 8.8
CVE-2021-24554 HIGH
Paytm - Donation Plugin < 1.3.2 - Authenticated SQL Injection via id GET Parameter
CVSS 7.2
Details
Vulnerabilities 19,831
Exploit Likelihood High