CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,831 vulnerabilities with CWE-89
CVE-2021-24553 HIGH
Timeline Calendar < 1.2 - Authenticated SQL Injection via Edit GET Parameter
CVSS 7.2
CVE-2021-24552 HIGH
Simple Events Calendar < 1.4.0 - Authenticated SQL Injection via event_id POST Parameter
CVSS 7.2
CVE-2021-24551 CRITICAL
Edit Comments WordPress Plugin <= 0.3 - SQL Injection via jal_edit_comments GET Parameter
CVSS 9.8
CVE-2021-24550 HIGH
Broken Link Manager < 0.6.5 - Authenticated SQL Injection via URL GET Parameter
CVSS 7.2
CVE-2021-24506 HIGH
Slider Hero with Animation < 8.2.7 - Authenticated SQL Injection via Hero-Button Shortcode
CVSS 8.8
CVE-2021-24497 HIGH
Giveaway WordPress Plugin <= 1.2.2 - Authenticated SQL Injection via options.php Post ID
CVSS 7.2
CVE-2021-36748 HIGH
Prestahome Blog < 1.7.8 - SQL Injection via sb_category Parameter
CVSS 7.5
CVE-2021-39302 CRITICAL
MISP 2.4.148 - SQL Injection via Log.php $conditions['org'] Value
CVSS 9.8
CVE-2021-27999 MEDIUM
Local Services Search Engine <1.0 - SQL Injection
CVSS 4.9
CVE-2021-37358 CRITICAL
SEACMS v210530 - SQL Injection via admin_ajax.php v_name Parameter
CVSS 9.8
CVE-2021-38754 CRITICAL
Hospital Management System - SQL Injection
CVSS 9.8
CVE-2021-38302 CRITICAL
TYPO3 Newsletter <4.0.0 - SQL Injection
CVSS 9.8
CVE-2021-36789 CRITICAL
dated_news < 5.1.1 - SQL Injection
CVSS 9.8
CVE-2021-37350 CRITICAL
Nagios XI < 5.8.5 - SQL Injection via Bulk Modifications Tool
CVSS 9.8
CVE-2021-28890 CRITICAL
j2eefast 2.2.1 - SQL Injection via compId deptId or roleId Parameter
CVSS 9.8
CVE-2021-37599 CRITICAL
Nuance Winscribe Dictation 4.1.0.99 - Unauthenticated SQL Injection via Exporter Login Form txtPassword Parameter
CVSS 9.8
CVE-2021-38574 CRITICAL
Foxit Reader & PhantomPDF <10.1.4 - SQL Injection
CVSS 9.8
CVE-2021-24521 HIGH
Side Menu Lite < 2.2.1 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-24520 HIGH
Out of Stock Message for WooCommerce < 1.0.4 - Authenticated SQL Injection
CVSS 8.8
CVE-2021-24507 CRITICAL
Astra Pro Addon < 3.5.2 - SQL Injection via astra_pagination_infinite and astra_shop_pagination_infinite AJAX Actions
CVSS 9.8
CVE-2021-38168 HIGH
Roxy-WI < 5.2.2.0 - Authenticated SQL Injection via select_servers
CVSS 8.8
CVE-2021-38167 CRITICAL
Roxy-WI < 5.2.2.0 - Unauthenticated SQL Injection via check_login
CVSS 9.8
CVE-2021-38159 CRITICAL
Progress MOVEit Transfer <2021.0.4 - SQL Injection
CVSS 9.8
CVE-2021-36455 HIGH
Naviwebs Navigate CMS 2.9 - SQL Injection
CVSS 8.8
CVE-2021-36351 CRITICAL
Care2x Hospital Information Management System < 2.7 - SQL Injection via pday/pmonth/pyear Parameters
CVSS 9.8
Details
Vulnerabilities 19,831
Exploit Likelihood High