CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,831 vulnerabilities with CWE-89
CVE-2021-24360 MEDIUM
Yes/No Chart WordPress Plugin < 1.0.12 - Authenticated Blind SQL Injection via sid Shortcode Parameter
CVSS 6.5
CVE-2021-24348 HIGH
Side Menu - add fixed side buttons < 3.1.5 - Authenticated SQL Injection via did GET Parameter
CVSS 7.2
CVE-2021-24345 MEDIUM
Sendit < 2.5.1 - Authenticated Blind SQL Injection via id_lista POST Parameter
CVSS 6.6
CVE-2021-24341 HIGH
Xllentech English Islamic Calendar < 2.6.8 - SQL Injection via year_number and month_number POST Parameters
CVSS 8.8
CVE-2021-32932 HIGH
Advantech iView < 5.7.03.6182 - SQL Injection
CVSS 7.5
CVE-2021-23230 CRITICAL
Gallagher Command Centre <8.40.1888-8.00 - SQL Injection
CVSS 9.9
CVE-2021-33894 HIGH
Progress MOVEit Transfer SQL Injection in SILUtility.vb
CVSS 8.8
CVE-2021-29099 MEDIUM
ArcGIS Server < 10.8.1 - SQL Injection
CVSS 5.3
CVE-2021-24340 HIGH
WP Statistics < 13.0.8 - Unauthenticated SQL Injection via Improper Query Preparation
CVSS 7.5
CVE-2021-24337 HIGH
video-embed-box < 1.0 - Authenticated SQL Injection via id GET Parameter
CVSS 8.8
CVE-2021-24336 HIGH
FlightLog < 3.0.2 - Authenticated SQL Injection via POST Parameters
CVSS 7.2
CVE-2021-29089 CRITICAL
Synology Photo Station < 6.8.14-3500 - SQL Injection in Thumbnail Component
CVSS 9.8
CVE-2021-29090 HIGH
Synology Photo Station < 6.8.14-3500 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-33180 HIGH
Synology Media Server <1.8.1-2876 - SQL Injection
CVSS 7.3
CVE-2021-24321 CRITICAL
Bello WordPress Theme < 1.6.0 - SQL Injection via Unsanitized Listing Parameters
CVSS 9.8
CVE-2021-27828 CRITICAL
In4Suite ERP <3.2.74.1370 - SQL Injection
CVSS 9.1
CVE-2021-33470 CRITICAL
COVID19 Testing Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-30081 HIGH
emlog 6.0.0stable - SQL Injection via admin/navbar.php Page Addition
CVSS 8.8
CVE-2021-20720 CRITICAL
KonaWiki2 < 2.2.4 - SQL Injection
CVSS 9.8
CVE-2021-31316 CRITICAL
Control WebPanel - SQL Injection via idsession HTTP POST Parameter
CVSS 9.8
CVE-2021-31827 HIGH
Progress MOVEit Transfer < 2021.0 - Authenticated SQL Injection in SILHuman.vb
CVSS 8.8
CVE-2021-24314 CRITICAL
Goto WordPress Theme < 2.1 - Unauthenticated SQL Injection via Keywords GET Parameter
CVSS 9.8
CVE-2021-24295 HIGH
CleanTalk AntiSpam/FireWall < 5.153.4 - Unauthenticated Time-Based Blind SQLi via User-Agent
CVSS 7.5
CVE-2021-29053 HIGH
Liferay DXP 7.3.5 and 7.3 < 7.3.10.fp1 - Authenticated SQL Injection via classPKField Parameter
CVSS 8.8
CVE-2021-24285 CRITICAL
Car Seller - Auto Classifieds Script < 2.1.0 - SQL Injection via order_id POST Parameter
CVSS 9.8
Details
Vulnerabilities 19,831
Exploit Likelihood High