CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,831 vulnerabilities with CWE-89
CVE-2021-34165 CRITICAL
Basic Shopping Cart 1.0 - SQL Injection
CVSS 9.8
CVE-2021-37478 CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via block-order Parameter
CVSS 9.8
CVE-2021-37477 CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via children_order Parameter
CVSS 9.8
CVE-2021-37476 CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via Product ID Parameter
CVSS 9.8
CVE-2021-37475 CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via template-properties-order Parameter
CVSS 9.8
CVE-2021-37473 CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via products-order Parameter
CVSS 9.8
CVE-2021-32790 MEDIUM
WooCommerce 3.3.0-3.3.6 - Authenticated SQL Injection via Webhook Search Parameter
CVSS 4.9
CVE-2021-32789 HIGH
WooCommerce Gutenberg Blocks <2.5.16 - SQL Injection
CVSS 7.5
CVE-2021-25201 HIGH
Learning Management System <1.0 - SQL Injection
CVSS 7.5
CVE-2021-25213 CRITICAL
SourceCodester Travel Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2021-25209 CRITICAL
SourceCodester Theme Park Ticketing System <1.0 - SQL Injection
CVSS 9.8
CVE-2021-25205 CRITICAL
SourceCodester E-Commerce Website V 1.0 - SQL Injection
CVSS 9.8
CVE-2021-26223 CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection via view_pay.php id Parameter
CVSS 9.8
CVE-2021-25212 CRITICAL
SourceCodester Alumni Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2021-26226 CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection via edit_user.php id Parameter
CVSS 9.8
CVE-2021-25202 CRITICAL
SourceCodester Sales & Inventory <1.0 - SQL Injection
CVSS 9.8
CVE-2021-26232 CRITICAL
Simple College Website 1.0 - SQL Injection via News ID Parameter
CVSS 9.8
CVE-2021-26231 CRITICAL
Fantastic Blog CMS 1.0 - SQL Injection via Category ID Parameter
CVSS 9.8
CVE-2021-26229 CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection via edit_stud.php id Parameter
CVSS 9.8
CVE-2021-26228 CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection via edit_class1.php id Parameter
CVSS 9.8
CVE-2021-26765 CRITICAL
PHPGurukul Student Record System 4.0 - SQL Injection via edit-sub.php sid Parameter
CVSS 9.8
CVE-2021-26764 HIGH
PHPGurukul Student Record System 4.0 - SQL Injection via edit-std.php id Parameter
CVSS 8.8
CVE-2021-26762 HIGH
PHPGurukul Student Record System 4.0 - SQL Injection via edit-course.php cid Parameter
CVSS 8.8
CVE-2021-30486 HIGH
SysAid 20.3.64 b14 - SQL Injection via AssetManagementChart.jsp or AssetManagementList.jsp
CVSS 8.8
CVE-2021-27021 HIGH
PuppetDB < 6.17.0 - Privilege Escalation via SQL Query
CVSS 8.8
Details
Vulnerabilities 19,831
Exploit Likelihood High