CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,831 vulnerabilities with CWE-89
CVE-2021-32051
HIGH
Hexagon G!nius < 5.0.0.0 - SQL Injection via GiPWorkflow DownloadPublicFile id Parameter
CVSS 7.5
CVE-2021-32615
CRITICAL
Piwigo 11.4.0 - SQL Injection via order[0][dir] Parameter
CVSS 9.8
CVE-2021-32104
HIGH
OpenEMR 5.0.2.1 - Authenticated SQL Injection in eye_mag/save.php
CVSS 8.8
CVE-2021-32102
HIGH
OpenEMR 5.0.2.1 - Authenticated SQL Injection in Custom Template AJAX Handler
CVSS 8.8
CVE-2021-32099
CRITICAL
Artica Pandora FMS 742 - Unauthenticated SQL Injection via session_id Parameter
CVSS 9.8
CVE-2021-1365
HIGH
Cisco Unified Communications Manager IM and Presence Service 10.5-11.5(1)su9 - Authenticated SQL Injection
CVSS 7.1
CVE-2021-1363
HIGH
Cisco Unified Communications Manager IM and Presence Service 10.5-11.5(1)su9 - Authenticated SQL Injection
CVSS 7.1
CVE-2021-29350
HIGH
100- 1.1 - SQL Injection via X-Forwarded-For Header
CVSS 7.2
CVE-2021-25153
HIGH
Aruba AirWave <8.2.12.1 - SQL Injection
CVSS 8.1
CVE-2021-31777
MEDIUM
Dynamic Content Elements 2.2.0-2.6.x < 2.6.2 and 2.7.x < 2.7.1 - Authenticated SQL Injection
CVSS 4.9
CVE-2021-31856
CRITICAL
Layer5 Meshery 0.5.2 - SQL Injection via /experimental/patternfiles Order Parameter
CVSS 9.8
CVE-2021-25899
HIGH
Void Aural Rec Monitor 9.0.0.1 - Unauthenticated Blind SQL Injection via param1 Parameter
CVSS 7.5
CVE-2021-21427
CRITICAL
OpenMage Magento < 19.4.13 and 20.0.9 - SQL Injection
CVSS 9.1
CVE-2021-28828
HIGH
TIBCO Administrator - SQL Injection
CVSS 7.6
CVE-2021-26830
CRITICAL
Zenario < 8.8.53370 - SQL Injection via Plugin Library Delete Module ID Parameter
CVSS 9.1
CVE-2021-28242
HIGH
b2evolution <7.2.2-stable - SQL Injection
CVSS 8.8
CVE-2021-27672
MEDIUM
Zenario CMS <8.8.52729 - SQL Injection
CVSS 4.9
CVE-2021-27545
MEDIUM
PHPGurukul Beauty Parlour Mgmt <1.0 - SQL Injection
CVSS 6.5
CVE-2021-28157
HIGH
Devolutions Server < 2021.1 and LTS < 2020.3.18 - Authenticated SQL Injection via Userinfo Delete API
CVSS 7.2
CVE-2021-30459
CRITICAL
Jazzband Django Debug Toolbar <3.2.1 - SQL Injection
CVSS 9.8
CVE-2021-27130
CRITICAL
Online Reviewer System 1.0 - SQL Injection and Reverse Shell Upload via Authentication Bypass
CVSS 9.8
CVE-2021-23276
HIGH
Eaton IPM <1.69 - Authenticated SQL Injection
CVSS 7.1
CVE-2021-30176
CRITICAL
ZEROF Expert pro/2.0 - SQL Injection
CVSS 9.8
CVE-2021-30175
CRITICAL
ZEROF Web Server 1.0 - SQL Injection
CVSS 9.8
CVE-2021-24221
HIGH
Quiz And Survey Master < 7.1.12 - SQL Injection via result_id GET Parameter
CVSS 8.8
Details
Vulnerabilities
19,831
Exploit Likelihood
High