CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,835 vulnerabilities with CWE-89
CVE-2021-22654
HIGH
Advantech iView <5.7.03.6112 - Info Disclosure
CVSS 7.5
CVE-2021-26754
CRITICAL
wpDataTables < 3.4.1 - SQL Injection via Server-Side Table Order Direction Parameter
CVSS 9.8
CVE-2021-20016
CRITICAL
KEV
SonicWall SMA100 Firmware 10.0.0.0-10.2.0.5-d-29sv - Unauthenticated SQL Injection
CVSS 9.8
CVE-2021-3286
CRITICAL
Spotweb 1.4.9 - SQL Injection via Inadequate notAllowedCommands Protection
CVSS 9.8
CVE-2021-3278
CRITICAL
Local Service Search Engine Management System 1.0 - Auth Bypass
CVSS 9.8
CVE-2021-22847
HIGH
Hyweb HyCMS-J1 < 7.4.3 - Unauthenticated SQL Injection via POST Parameters
CVSS 8.8
CVE-2021-1248
HIGH
Cisco Data Center Network Manager < 11.5(1) - Authenticated SQL Injection
CVSS 8.8
CVE-2021-1247
HIGH
Cisco Data Center Network Manager < 11.5(1) - Authenticated SQL Injection
CVSS 8.8
CVE-2021-1225
CRITICAL
Cisco SD-WAN vManage Software - SQL Injection
CVSS 9.1
CVE-2021-1222
HIGH
Cisco Smart Software Manager Satellite - SQL Injection
CVSS 8.1
CVE-2021-1364
MEDIUM
Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection
CVSS 6.5
CVE-2021-1355
MEDIUM
Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection
CVSS 6.5
CVE-2021-1282
MEDIUM
Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection
CVSS 6.5
CVE-2021-3110
CRITICAL
PrestaShop 1.7.7.0 - SQL Injection via Product Comments Module id_products[] Parameter
CVSS 9.8
CVE-2021-21263
HIGH
Laravel <6.20.11, 7.30.2, 8.22.1 - SQL Injection
CVSS 7.2
CVE-2021-22852
HIGH
HGiga oaklouds_openid >=2.0 <2.0-54 - SQL Injection via Online Registration URL Parameter
CVSS 8.8
CVE-2021-22851
CRITICAL
HGiga oaklouds_openid >=2.0 <2.0-54 - SQL Injection via Document Management Page URL Parameter
CVSS 9.8
CVE-2021-23837
MEDIUM
flatcore < 2.0.0 - Time-Based Blind SQL Injection via selected_folder Parameter
CVSS 6.5
CVE-2021-1636
HIGH
Microsoft SQL Server - SQL Injection
CVSS 8.8
CVE-2021-21465
CRITICAL
SAP Business Warehouse - Authenticated SQL Injection via BW Database Interface
CVSS 9.9
CVE-2021-3118
CRITICAL
EVOLUCARE ECSIMAGING < 6.21.5 - SQL Injection via Login and Password Reset Forms
CVSS 9.8
CVE-2021-3025
HIGH
Invision Community IPS Community Suite <4.5.4.2 - SQL Injection
CVSS 8.8
CVE-2021-3021
CRITICAL
ISPConfig < 3.2.2 - SQL Injection
CVSS 9.8
CVE-2021-3018
CRITICAL
ipeak Infosystems ibexwebCMS <3.5 - SQL Injection
CVSS 9.8
CVE-2020-37244
HIGH
WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx
CVSS 8.2
Details
Vulnerabilities
19,835
Exploit Likelihood
High