CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,831 vulnerabilities with CWE-89
CVE-2021-28053
HIGH
Centreon-Web <20.10.0 - SQL Injection
CVSS 8.8
CVE-2021-33578
CRITICAL
Echo ShareCare 8.15.5 - SQL Injection
CVSS 9.8
CVE-2021-24442
CRITICAL
Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated SQL Injection via date_answers[] Parameter
CVSS 9.8
CVE-2021-24385
CRITICAL
Filebird 4.7.3 - Unauthenticated SQL Injection via REST API Endpoint
CVSS 9.8
CVE-2021-24007
CRITICAL
FortiMail < 6.4.4 - Unauthenticated SQL Injection via HTTP Requests
CVSS 9.8
CVE-2021-29730
HIGH
IBM InfoSphere Information Server 11.7 - SQL Injection
CVSS 8.8
CVE-2021-30117
CRITICAL
Kaseya VSA < 9.5.6 - Semi-Authenticated SQL Injection via InstallTab/exportFldr.asp fldrId Parameter
CVSS 9.8
CVE-2021-23405
HIGH
pimcore/pimcore < 10.0.7 - SQL Injection via storeId Parameter
CVSS 8.3
CVE-2021-34609
HIGH
Aruba ClearPass Policy Manager < 6.6.10 - SQL Injection
CVSS 8.8
CVE-2021-25427
MEDIUM
Bluetooth <SMR July-2021 Release 1 - SQL Injection
CVSS 6.5
CVE-2021-24451
HIGH
Export Users With Meta < 0.6.5 - Authenticated SQL Injection via Role Export Functionality
CVSS 7.2
CVE-2021-27950
HIGH
azurWebEngine <1.2.3.12 - SQL Injection
CVSS 8.8
CVE-2021-35042
CRITICAL
Django <3.1.13, <3.2.5 - SQL Injection
CVSS 9.8
CVE-2021-28423
HIGH
Teachers Record Management System <2.1 - SQL Injection
CVSS 8.8
CVE-2021-28993
HIGH
Plixer Scrutinizer 19.0.2 - SQL Injection
CVSS 7.5
CVE-2021-34187
CRITICAL
Chamilo < 1.11.14 - Unauthenticated SQL Injection via Search Field or Filters Parameter
CVSS 9.8
CVE-2021-35456
CRITICAL
Online Pet Shop We App 1.0 - SQL Injection
CVSS 9.8
CVE-2021-35049
CRITICAL
Fidelis Network & Deception <9.3.7, 9.4 - Command Injection
CVSS 9.9
CVE-2021-35048
CRITICAL
Fidelis Network & Deception <9.3.7, 9.4 - SQL Injection
CVSS 9.8
CVE-2021-32704
HIGH
DHIS 2 2.34.4-2.34.5, 2.35.2-2.35.4, 2.36.0 - Authenticated SQL Injection via Tracked Entity Instances API
CVSS 8.5
CVE-2021-31586
HIGH
Kiteworks < 7.4.0 - Authenticated SQL Injection via LDAPGroup Search
CVSS 8.8
CVE-2021-24361
CRITICAL
Location Manager < 2.1.0.10 - Unauthenticated SQL Injection via gd_popular_location_list AJAX Action
CVSS 9.8
CVE-2021-3604
CRITICAL
Primion-Digitek Secure 8 - Blind SQL Injection
CVSS 9.8
CVE-2021-31818
MEDIUM
Octopus Server 2018.9.17-2018.13.0 - Authenticated SQL Injection in Events REST API
CVSS 4.3
CVE-2021-32582
HIGH
ConnectWise Automate < 2021.5 - SQL Injection via Monitor Status Response
CVSS 7.5
Details
Vulnerabilities
19,831
Exploit Likelihood
High