CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,831 vulnerabilities with CWE-89
CVE-2021-24360
MEDIUM
Yes/No Chart WordPress Plugin < 1.0.12 - Authenticated Blind SQL Injection via sid Shortcode Parameter
CVSS 6.5
CVE-2021-24348
HIGH
Side Menu - add fixed side buttons < 3.1.5 - Authenticated SQL Injection via did GET Parameter
CVSS 7.2
CVE-2021-24345
MEDIUM
Sendit < 2.5.1 - Authenticated Blind SQL Injection via id_lista POST Parameter
CVSS 6.6
CVE-2021-24341
HIGH
Xllentech English Islamic Calendar < 2.6.8 - SQL Injection via year_number and month_number POST Parameters
CVSS 8.8
CVE-2021-32932
HIGH
Advantech iView < 5.7.03.6182 - SQL Injection
CVSS 7.5
CVE-2021-23230
CRITICAL
Gallagher Command Centre <8.40.1888-8.00 - SQL Injection
CVSS 9.9
CVE-2021-33894
HIGH
Progress MOVEit Transfer SQL Injection in SILUtility.vb
CVSS 8.8
CVE-2021-29099
MEDIUM
ArcGIS Server < 10.8.1 - SQL Injection
CVSS 5.3
CVE-2021-24340
HIGH
WP Statistics < 13.0.8 - Unauthenticated SQL Injection via Improper Query Preparation
CVSS 7.5
CVE-2021-24337
HIGH
video-embed-box < 1.0 - Authenticated SQL Injection via id GET Parameter
CVSS 8.8
CVE-2021-24336
HIGH
FlightLog < 3.0.2 - Authenticated SQL Injection via POST Parameters
CVSS 7.2
CVE-2021-29089
CRITICAL
Synology Photo Station < 6.8.14-3500 - SQL Injection in Thumbnail Component
CVSS 9.8
CVE-2021-29090
HIGH
Synology Photo Station < 6.8.14-3500 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-33180
HIGH
Synology Media Server <1.8.1-2876 - SQL Injection
CVSS 7.3
CVE-2021-24321
CRITICAL
Bello WordPress Theme < 1.6.0 - SQL Injection via Unsanitized Listing Parameters
CVSS 9.8
CVE-2021-27828
CRITICAL
In4Suite ERP <3.2.74.1370 - SQL Injection
CVSS 9.1
CVE-2021-33470
CRITICAL
COVID19 Testing Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-30081
HIGH
emlog 6.0.0stable - SQL Injection via admin/navbar.php Page Addition
CVSS 8.8
CVE-2021-20720
CRITICAL
KonaWiki2 < 2.2.4 - SQL Injection
CVSS 9.8
CVE-2021-31316
CRITICAL
Control WebPanel - SQL Injection via idsession HTTP POST Parameter
CVSS 9.8
CVE-2021-31827
HIGH
Progress MOVEit Transfer < 2021.0 - Authenticated SQL Injection in SILHuman.vb
CVSS 8.8
CVE-2021-24314
CRITICAL
Goto WordPress Theme < 2.1 - Unauthenticated SQL Injection via Keywords GET Parameter
CVSS 9.8
CVE-2021-24295
HIGH
CleanTalk AntiSpam/FireWall < 5.153.4 - Unauthenticated Time-Based Blind SQLi via User-Agent
CVSS 7.5
CVE-2021-29053
HIGH
Liferay DXP 7.3.5 and 7.3 < 7.3.10.fp1 - Authenticated SQL Injection via classPKField Parameter
CVSS 8.8
CVE-2021-24285
CRITICAL
Car Seller - Auto Classifieds Script < 2.1.0 - SQL Injection via order_id POST Parameter
CVSS 9.8
Details
Vulnerabilities
19,831
Exploit Likelihood
High