CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,831 vulnerabilities with CWE-89
CVE-2021-34165
CRITICAL
Basic Shopping Cart 1.0 - SQL Injection
CVSS 9.8
CVE-2021-37478
CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via block-order Parameter
CVSS 9.8
CVE-2021-37477
CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via children_order Parameter
CVSS 9.8
CVE-2021-37476
CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via Product ID Parameter
CVSS 9.8
CVE-2021-37475
CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via template-properties-order Parameter
CVSS 9.8
CVE-2021-37473
CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via products-order Parameter
CVSS 9.8
CVE-2021-32790
MEDIUM
WooCommerce 3.3.0-3.3.6 - Authenticated SQL Injection via Webhook Search Parameter
CVSS 4.9
CVE-2021-32789
HIGH
WooCommerce Gutenberg Blocks <2.5.16 - SQL Injection
CVSS 7.5
CVE-2021-25201
HIGH
Learning Management System <1.0 - SQL Injection
CVSS 7.5
CVE-2021-25213
CRITICAL
SourceCodester Travel Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2021-25209
CRITICAL
SourceCodester Theme Park Ticketing System <1.0 - SQL Injection
CVSS 9.8
CVE-2021-25205
CRITICAL
SourceCodester E-Commerce Website V 1.0 - SQL Injection
CVSS 9.8
CVE-2021-26223
CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection via view_pay.php id Parameter
CVSS 9.8
CVE-2021-25212
CRITICAL
SourceCodester Alumni Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2021-26226
CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection via edit_user.php id Parameter
CVSS 9.8
CVE-2021-25202
CRITICAL
SourceCodester Sales & Inventory <1.0 - SQL Injection
CVSS 9.8
CVE-2021-26232
CRITICAL
Simple College Website 1.0 - SQL Injection via News ID Parameter
CVSS 9.8
CVE-2021-26231
CRITICAL
Fantastic Blog CMS 1.0 - SQL Injection via Category ID Parameter
CVSS 9.8
CVE-2021-26229
CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection via edit_stud.php id Parameter
CVSS 9.8
CVE-2021-26228
CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection via edit_class1.php id Parameter
CVSS 9.8
CVE-2021-26765
CRITICAL
PHPGurukul Student Record System 4.0 - SQL Injection via edit-sub.php sid Parameter
CVSS 9.8
CVE-2021-26764
HIGH
PHPGurukul Student Record System 4.0 - SQL Injection via edit-std.php id Parameter
CVSS 8.8
CVE-2021-26762
HIGH
PHPGurukul Student Record System 4.0 - SQL Injection via edit-course.php cid Parameter
CVSS 8.8
CVE-2021-30486
HIGH
SysAid 20.3.64 b14 - SQL Injection via AssetManagementChart.jsp or AssetManagementList.jsp
CVSS 8.8
CVE-2021-27021
HIGH
PuppetDB < 6.17.0 - Privilege Escalation via SQL Query
CVSS 8.8
Details
Vulnerabilities
19,831
Exploit Likelihood
High