CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,835 vulnerabilities with CWE-89
CVE-2021-28295
HIGH
Online Ordering System 1.0 - SQL Injection
CVSS 7.5
CVE-2021-27948
HIGH
MyBB < 1.8.26 - SQL Injection via User Groups
CVSS 7.2
CVE-2021-27947
HIGH
MyBB < 1.8.26 - SQL Injection via Copy Forum Feature
CVSS 7.2
CVE-2021-27946
HIGH
MyBB < 1.8.26 - SQL Injection via Poll Vote Count
CVSS 8.8
CVE-2021-27890
HIGH
MyBB < 1.8.26 - SQL Injection via Theme XML File Properties
CVSS 8.8
CVE-2021-23352
HIGH
madge < 4.0.1 - OS Command Injection via GraphViz Path Parameter
CVSS 8.6
CVE-2021-27581
CRITICAL
Kentico CMS <5.5.3996 - SQL Injection
CVSS 9.8
CVE-2021-26966
MEDIUM
Aruba AirWave < 8.2.12.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-26965
MEDIUM
Aruba AirWave < 8.2.12.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-27314
CRITICAL
Doctor Appointment System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-26904
CRITICAL
ISIDA Retriever 5.2 - SQL Injection
CVSS 9.8
CVE-2021-26686
MEDIUM
Aruba ClearPass Policy Manager < 6.7.14 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-26685
MEDIUM
Aruba ClearPass Policy Manager < 6.7.14 - Authenticated SQL Injection
CVSS 6.5
CVE-2021-27124
MEDIUM
Doctor Appointment System 1.0 - Authenticated SQL Injection via Expertise Parameter
CVSS 6.5
CVE-2021-25779
CRITICAL
Baby Care System 1.0 - SQL Injection via 'id' Parameter on contentsectionpage.php
CVSS 9.8
CVE-2021-22854
HIGH
HR Portal - Unauthenticated SQL Injection
CVSS 7.5
CVE-2021-22856
CRITICAL
CGE Property Management System - SQL Injection
CVSS 9.8
CVE-2021-27234
CRITICAL
Mutare Voice <3.3.8 - SQL Injection
CVSS 9.8
CVE-2021-3239
CRITICAL
E-Learning System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-26822
CRITICAL
Teachers Record Management System 1.0 - Unauthenticated SQL Injection via searchteacher Parameter
CVSS 9.8
CVE-2021-26201
CRITICAL
CASAP Automated Enrollment System 1.0 - SQL Injection Authentication Bypass via Login Username Field
CVSS 9.8
CVE-2021-26200
CRITICAL
Library System 1.0 - SQL Injection
CVSS 9.8
CVE-2021-26751
HIGH
NeDi 1.9C - Authenticated SQL Injection via Monitoring History det Parameter
CVSS 8.8
CVE-2021-21024
CRITICAL
Magento <2.4.1, 2.4.0-p1, 2.3.6 - SQL Injection
CVSS 9.1
CVE-2021-22658
CRITICAL
Advantech iView <5.7.03.6112 - Privilege Escalation
CVSS 9.8
Details
Vulnerabilities
19,835
Exploit Likelihood
High