CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,831 vulnerabilities with CWE-89
CVE-2021-28053 HIGH
Centreon-Web <20.10.0 - SQL Injection
CVSS 8.8
CVE-2021-33578 CRITICAL
Echo ShareCare 8.15.5 - SQL Injection
CVSS 9.8
CVE-2021-24442 CRITICAL
Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated SQL Injection via date_answers[] Parameter
CVSS 9.8
CVE-2021-24385 CRITICAL
Filebird 4.7.3 - Unauthenticated SQL Injection via REST API Endpoint
CVSS 9.8
CVE-2021-24007 CRITICAL
FortiMail < 6.4.4 - Unauthenticated SQL Injection via HTTP Requests
CVSS 9.8
CVE-2021-29730 HIGH
IBM InfoSphere Information Server 11.7 - SQL Injection
CVSS 8.8
CVE-2021-30117 CRITICAL
Kaseya VSA < 9.5.6 - Semi-Authenticated SQL Injection via InstallTab/exportFldr.asp fldrId Parameter
CVSS 9.8
CVE-2021-23405 HIGH
pimcore/pimcore < 10.0.7 - SQL Injection via storeId Parameter
CVSS 8.3
CVE-2021-34609 HIGH
Aruba ClearPass Policy Manager < 6.6.10 - SQL Injection
CVSS 8.8
CVE-2021-25427 MEDIUM
Bluetooth <SMR July-2021 Release 1 - SQL Injection
CVSS 6.5
CVE-2021-24451 HIGH
Export Users With Meta < 0.6.5 - Authenticated SQL Injection via Role Export Functionality
CVSS 7.2
CVE-2021-27950 HIGH
azurWebEngine <1.2.3.12 - SQL Injection
CVSS 8.8
CVE-2021-35042 CRITICAL
Django <3.1.13, <3.2.5 - SQL Injection
CVSS 9.8
CVE-2021-28423 HIGH
Teachers Record Management System <2.1 - SQL Injection
CVSS 8.8
CVE-2021-28993 HIGH
Plixer Scrutinizer 19.0.2 - SQL Injection
CVSS 7.5
CVE-2021-34187 CRITICAL
Chamilo < 1.11.14 - Unauthenticated SQL Injection via Search Field or Filters Parameter
CVSS 9.8
CVE-2021-35456 CRITICAL
Online Pet Shop We App 1.0 - SQL Injection
CVSS 9.8
CVE-2021-35049 CRITICAL
Fidelis Network & Deception <9.3.7, 9.4 - Command Injection
CVSS 9.9
CVE-2021-35048 CRITICAL
Fidelis Network & Deception <9.3.7, 9.4 - SQL Injection
CVSS 9.8
CVE-2021-32704 HIGH
DHIS 2 2.34.4-2.34.5, 2.35.2-2.35.4, 2.36.0 - Authenticated SQL Injection via Tracked Entity Instances API
CVSS 8.5
CVE-2021-31586 HIGH
Kiteworks < 7.4.0 - Authenticated SQL Injection via LDAPGroup Search
CVSS 8.8
CVE-2021-24361 CRITICAL
Location Manager < 2.1.0.10 - Unauthenticated SQL Injection via gd_popular_location_list AJAX Action
CVSS 9.8
CVE-2021-3604 CRITICAL
Primion-Digitek Secure 8 - Blind SQL Injection
CVSS 9.8
CVE-2021-31818 MEDIUM
Octopus Server 2018.9.17-2018.13.0 - Authenticated SQL Injection in Events REST API
CVSS 4.3
CVE-2021-32582 HIGH
ConnectWise Automate < 2021.5 - SQL Injection via Monitor Status Response
CVSS 7.5
Details
Vulnerabilities 19,831
Exploit Likelihood High