CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,835 vulnerabilities with CWE-89
CVE-2021-28668 CRITICAL
Xerox AltaLink B80xx/C80xx < 103.008.020.23120 - SQL Injection
CVSS 9.8
CVE-2021-27320 HIGH
Doctor Appointment System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-27319 HIGH
Doctor Appointment System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-27316 HIGH
Doctor Appointment System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-27315 HIGH
Doctor Appointment System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-21380 HIGH
XWiki Platform 6.4.1-12.8 - Authenticated SQL Injection via Rating Script Service
CVSS 7.7
CVE-2021-26578 HIGH
HPE Network Orchestrator < 2.5 - SQL Injection
CVSS 7.5
CVE-2021-26935 HIGH
wowonder < 3.1 - SQL Injection via event_id Parameter
CVSS 7.5
CVE-2021-24149 HIGH
Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection via mec[post_id] Parameter
CVSS 8.8
CVE-2021-24143 HIGH
AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection via Widget Attribute
CVSS 8.8
CVE-2021-24142 HIGH
301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection via CSV Import
CVSS 7.2
CVE-2021-24141 HIGH
Advanced Database Cleaner < 3.0.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-24140 HIGH
Ajax Load More < 5.3.2 - SQL Injection via Repeater Parameter
CVSS 7.2
CVE-2021-24139 CRITICAL
10web Photo Gallery < 1.5.55 - SQL Injection via bwg_search_x Parameter
CVSS 9.8
CVE-2021-24138 MEDIUM
AdRotate < 5.8.4 - Authenticated SQL Injection via 'id' Parameter
CVSS 5.5
CVE-2021-24137 HIGH
Blog2Social < 6.3.1 - Authenticated SQL Injection in Re-Share Posts Feature
CVSS 8.8
CVE-2021-24132 HIGH
10web Slider < 1.2.36 - Authenticated SQL Injection via bulk_action, export_full, and save_slider_db
CVSS 8.8
CVE-2021-24131 HIGH
Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection
CVSS 7.2
CVE-2021-24130 HIGH
Weplugins WP Maps < 4.1.5 - SQL Injection
CVSS 7.2
CVE-2021-24125 HIGH
Contact Form Submissions < 1.7.1 - Authenticated SQL Injection via wpcf7_contact_form GET Parameter
CVSS 7.2
CVE-2021-28419 HIGH
SEO Panel 4.8.0 - SQL Injection via order_col Parameter
CVSS 7.2
CVE-2021-22848 HIGH
HGiga MailSherlock < 4.5-120 - Unauthenticated SQL Injection via Email Page URL Parameter
CVSS 7.0
CVE-2021-20678 HIGH
Paid Memberships Pro <2.5.6 - SQL Injection
CVSS 8.8
CVE-2021-22859 CRITICAL
EIC e-document system - SQL Injection
CVSS 9.8
CVE-2021-28381 CRITICAL
vhs < 5.1.1 - SQL Injection via isLanguageViewHelper
CVSS 9.8
Details
Vulnerabilities 19,835
Exploit Likelihood High