CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,835 vulnerabilities with CWE-89
CVE-2021-28295 HIGH
Online Ordering System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-27948 HIGH
MyBB < 1.8.26 - SQL Injection via User Groups
CVSS 7.2
CVE-2021-27947 HIGH
MyBB < 1.8.26 - SQL Injection via Copy Forum Feature
CVSS 7.2
CVE-2021-27946 HIGH
MyBB < 1.8.26 - SQL Injection via Poll Vote Count
CVSS 8.8
CVE-2021-27890 HIGH
MyBB < 1.8.26 - SQL Injection via Theme XML File Properties
CVSS 8.8
CVE-2021-23352 HIGH
madge < 4.0.1 - OS Command Injection via GraphViz Path Parameter
CVSS 8.6
CVE-2021-27581 CRITICAL
Kentico CMS <5.5.3996 - SQL Injection
CVSS 9.8
CVE-2021-26966 MEDIUM
Aruba AirWave < 8.2.12.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-26965 MEDIUM
Aruba AirWave < 8.2.12.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-27314 CRITICAL
Doctor Appointment System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-26904 CRITICAL
ISIDA Retriever 5.2 - SQL Injection
CVSS 9.8
CVE-2021-26686 MEDIUM
Aruba ClearPass Policy Manager < 6.7.14 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-26685 MEDIUM
Aruba ClearPass Policy Manager < 6.7.14 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-27124 MEDIUM
Doctor Appointment System 1.0 - Authenticated SQL Injection via Expertise Parameter
CVSS 6.5
CVE-2021-25779 CRITICAL
Baby Care System 1.0 - SQL Injection via 'id' Parameter on contentsectionpage.php
CVSS 9.8
CVE-2021-22854 HIGH
HR Portal - Unauthenticated SQL Injection
CVSS 7.5
CVE-2021-22856 CRITICAL
CGE Property Management System - SQL Injection
CVSS 9.8
CVE-2021-27234 CRITICAL
Mutare Voice <3.3.8 - SQL Injection
CVSS 9.8
CVE-2021-3239 CRITICAL
E-Learning System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-26822 CRITICAL
Teachers Record Management System 1.0 - Unauthenticated SQL Injection via searchteacher Parameter
CVSS 9.8
CVE-2021-26201 CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection Authentication Bypass via Login Username Field
CVSS 9.8
CVE-2021-26200 CRITICAL
Library System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-26751 HIGH
NeDi 1.9C - Authenticated SQL Injection via Monitoring History det Parameter
CVSS 8.8
CVE-2021-21024 CRITICAL
Magento <2.4.1, 2.4.0-p1, 2.3.6 - SQL Injection
CVSS 9.1
CVE-2021-22658 CRITICAL
Advantech iView <5.7.03.6112 - Privilege Escalation
CVSS 9.8
Details
Vulnerabilities 19,835
Exploit Likelihood High