CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,835 vulnerabilities with CWE-89
CVE-2021-23276
HIGH
Eaton IPM <1.69 - Authenticated SQL Injection
CVSS 7.1
CVE-2021-30176
CRITICAL
ZEROF Expert pro/2.0 - SQL Injection
CVSS 9.8
CVE-2021-30175
CRITICAL
ZEROF Web Server 1.0 - SQL Injection
CVSS 9.8
CVE-2021-24221
HIGH
Quiz And Survey Master < 7.1.12 - SQL Injection via result_id GET Parameter
CVSS 8.8
CVE-2021-24200
MEDIUM
wpDataTables < 3.4.2 - Authenticated Boolean-based Blind SQL Injection via Length Parameter
CVSS 6.5
CVE-2021-24199
MEDIUM
wpDataTables < 3.4.2 - Authenticated Boolean-based Blind SQL Injection via 'start' Parameter
CVSS 6.5
CVE-2021-28925
CRITICAL
Nagios Network Analyzer < 2.4.3 - SQL Injection via o[col] Parameter
CVSS 9.8
CVE-2021-1409
MEDIUM
Cisco Unified Communications Manager <14 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2021-1408
MEDIUM
Cisco Unified Communications Manager < 14 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2021-1407
MEDIUM
Cisco Unified Communications Manager < 14 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2021-1380
MEDIUM
Cisco Unified Communications Manager <14 - Unauthenticated Cross-Site Scripting via Web Interface
CVSS 6.1
CVE-2021-30177
CRITICAL
PHP-Nuke 8.3.3 - SQL Injection and Remote Code Execution via User Registration
CVSS 9.8
CVE-2021-28142
HIGH
CITSmart <9.1.2.28 - Info Disclosure
CVSS 8.8
CVE-2021-24186
MEDIUM
Tutor LMS < 1.8.3 - Authenticated SQL Injection via tutor_answering_quiz_question/get_answer_by_id
CVSS 6.5
CVE-2021-24185
MEDIUM
Tutor LMS < 1.7.7 - Authenticated SQL Injection via tutor_place_rating AJAX Action
CVSS 6.5
CVE-2021-24183
MEDIUM
Tutor LMS < 1.8.3 - Authenticated SQL Injection via tutor_quiz_builder_get_question_form AJAX Action
CVSS 6.5
CVE-2021-24182
MEDIUM
Tutor LMS < 1.8.3 - Authenticated SQL Injection via tutor_quiz_builder_get_answers_by_question AJAX Action
CVSS 6.5
CVE-2021-24181
MEDIUM
Tutor LMS < 1.7.7 - Authenticated Blind SQL Injection via tutor_mark_answer_as_correct AJAX Action
CVSS 6.5
CVE-2021-30055
HIGH
Knowage < 7.4 - SQL Injection via 'par_year' Parameter in Document Execution URL Analytics Driver
CVSS 8.8
CVE-2021-27973
HIGH
Piwigo < 11.4.0 - SQL Injection via Language Parameter
CVSS 7.2
CVE-2021-30000
CRITICAL
LATRIX 0.6.0 - SQL Injection via txtaccesscode Parameter
CVSS 9.8
CVE-2021-28970
MEDIUM
FireEye Email Malware Protection System 9.0.1.923211 - Authenticated SQL Injection via Job ID Parameter
CVSS 6.5
CVE-2021-28969
MEDIUM
FireEye eMPS 9.0.1.923211 - Authenticated SQL Injection via Email Search sort_by Parameter
CVSS 6.5
CVE-2021-28245
HIGH
PbootCMS 3.0.4 - SQL Injection via Search Parameter
CVSS 7.5
CVE-2021-29343
MEDIUM
Ovidentia CMS 6.0.0-6.7.7 - SQL Injection via Index.php ID Parameter
CVSS 5.4
Details
Vulnerabilities
19,835
Exploit Likelihood
High