CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,835 vulnerabilities with CWE-89
CVE-2021-22654 HIGH
Advantech iView <5.7.03.6112 - Info Disclosure
CVSS 7.5
CVE-2021-26754 CRITICAL
wpDataTables < 3.4.1 - SQL Injection via Server-Side Table Order Direction Parameter
CVSS 9.8
CVE-2021-20016 CRITICAL KEV
SonicWall SMA100 Firmware 10.0.0.0-10.2.0.5-d-29sv - Unauthenticated SQL Injection
CVSS 9.8
CVE-2021-3286 CRITICAL
Spotweb 1.4.9 - SQL Injection via Inadequate notAllowedCommands Protection
CVSS 9.8
CVE-2021-3278 CRITICAL
Local Service Search Engine Management System 1.0 - Auth Bypass
CVSS 9.8
CVE-2021-22847 HIGH
Hyweb HyCMS-J1 < 7.4.3 - Unauthenticated SQL Injection via POST Parameters
CVSS 8.8
CVE-2021-1248 HIGH
Cisco Data Center Network Manager < 11.5(1) - Authenticated SQL Injection
CVSS 8.8
CVE-2021-1247 HIGH
Cisco Data Center Network Manager < 11.5(1) - Authenticated SQL Injection
CVSS 8.8
CVE-2021-1225 CRITICAL
Cisco SD-WAN vManage Software - SQL Injection
CVSS 9.1
CVE-2021-1222 HIGH
Cisco Smart Software Manager Satellite - SQL Injection
CVSS 8.1
CVE-2021-1364 MEDIUM
Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection
CVSS 6.5
CVE-2021-1355 MEDIUM
Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection
CVSS 6.5
CVE-2021-1282 MEDIUM
Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection
CVSS 6.5
CVE-2021-3110 CRITICAL
PrestaShop 1.7.7.0 - SQL Injection via Product Comments Module id_products[] Parameter
CVSS 9.8
CVE-2021-21263 HIGH
Laravel <6.20.11, 7.30.2, 8.22.1 - SQL Injection
CVSS 7.2
CVE-2021-22852 HIGH
HGiga oaklouds_openid >=2.0 <2.0-54 - SQL Injection via Online Registration URL Parameter
CVSS 8.8
CVE-2021-22851 CRITICAL
HGiga oaklouds_openid >=2.0 <2.0-54 - SQL Injection via Document Management Page URL Parameter
CVSS 9.8
CVE-2021-23837 MEDIUM
flatcore < 2.0.0 - Time-Based Blind SQL Injection via selected_folder Parameter
CVSS 6.5
CVE-2021-1636 HIGH
Microsoft SQL Server - SQL Injection
CVSS 8.8
CVE-2021-21465 CRITICAL
SAP Business Warehouse - Authenticated SQL Injection via BW Database Interface
CVSS 9.9
CVE-2021-3118 CRITICAL
EVOLUCARE ECSIMAGING < 6.21.5 - SQL Injection via Login and Password Reset Forms
CVSS 9.8
CVE-2021-3025 HIGH
Invision Community IPS Community Suite <4.5.4.2 - SQL Injection
CVSS 8.8
CVE-2021-3021 CRITICAL
ISPConfig < 3.2.2 - SQL Injection
CVSS 9.8
CVE-2021-3018 CRITICAL
ipeak Infosystems ibexwebCMS <3.5 - SQL Injection
CVSS 9.8
CVE-2020-37244 HIGH
WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx
CVSS 8.2
Details
Vulnerabilities 19,835
Exploit Likelihood High