CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,835 vulnerabilities with CWE-89
CVE-2021-28668
CRITICAL
Xerox AltaLink B80xx/C80xx < 103.008.020.23120 - SQL Injection
CVSS 9.8
CVE-2021-27320
HIGH
Doctor Appointment System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-27319
HIGH
Doctor Appointment System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-27316
HIGH
Doctor Appointment System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-27315
HIGH
Doctor Appointment System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-21380
HIGH
XWiki Platform 6.4.1-12.8 - Authenticated SQL Injection via Rating Script Service
CVSS 7.7
CVE-2021-26578
HIGH
HPE Network Orchestrator < 2.5 - SQL Injection
CVSS 7.5
CVE-2021-26935
HIGH
wowonder < 3.1 - SQL Injection via event_id Parameter
CVSS 7.5
CVE-2021-24149
HIGH
Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection via mec[post_id] Parameter
CVSS 8.8
CVE-2021-24143
HIGH
AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection via Widget Attribute
CVSS 8.8
CVE-2021-24142
HIGH
301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection via CSV Import
CVSS 7.2
CVE-2021-24141
HIGH
Advanced Database Cleaner < 3.0.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-24140
HIGH
Ajax Load More < 5.3.2 - SQL Injection via Repeater Parameter
CVSS 7.2
CVE-2021-24139
CRITICAL
10web Photo Gallery < 1.5.55 - SQL Injection via bwg_search_x Parameter
CVSS 9.8
CVE-2021-24138
MEDIUM
AdRotate < 5.8.4 - Authenticated SQL Injection via 'id' Parameter
CVSS 5.5
CVE-2021-24137
HIGH
Blog2Social < 6.3.1 - Authenticated SQL Injection in Re-Share Posts Feature
CVSS 8.8
CVE-2021-24132
HIGH
10web Slider < 1.2.36 - Authenticated SQL Injection via bulk_action, export_full, and save_slider_db
CVSS 8.8
CVE-2021-24131
HIGH
Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-24130
HIGH
Weplugins WP Maps < 4.1.5 - SQL Injection
CVSS 7.2
CVE-2021-24125
HIGH
Contact Form Submissions < 1.7.1 - Authenticated SQL Injection via wpcf7_contact_form GET Parameter
CVSS 7.2
CVE-2021-28419
HIGH
SEO Panel 4.8.0 - SQL Injection via order_col Parameter
CVSS 7.2
CVE-2021-22848
HIGH
HGiga MailSherlock < 4.5-120 - Unauthenticated SQL Injection via Email Page URL Parameter
CVSS 7.0
CVE-2021-20678
HIGH
Paid Memberships Pro <2.5.6 - SQL Injection
CVSS 8.8
CVE-2021-22859
CRITICAL
EIC e-document system - SQL Injection
CVSS 9.8
CVE-2021-28381
CRITICAL
vhs < 5.1.1 - SQL Injection via isLanguageViewHelper
CVSS 9.8
Details
Vulnerabilities
19,835
Exploit Likelihood
High