Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2021. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-36722 | Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host. | 7.1 | 0.18% | 2021-12-29 | 2024-11-21 |
| CVE-2021-44161 | Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication. | 8.8 | 0.16% | 2021-12-29 | 2024-11-21 |
| CVE-2021-45814 | Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. | 9.8 | 0.36% | 2021-12-28 | 2024-11-21 |
| CVE-2021-24753 | The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue | 7.2 | 0.90% | 2021-12-27 | 2024-11-21 |
| CVE-2021-44600 | The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system. | 7.5 | 0.28% | 2021-12-23 | 2025-02-11 |
| CVE-2021-44599 | The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system. | 7.5 | 0.25% | 2021-12-23 | 2024-11-21 |
| CVE-2021-21937 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21936 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | 1.68% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21935 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21934 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21933 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21932 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21931 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21930 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21929 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21928 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21927 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21926 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21925 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter. | 6.5 | 1.60% | 2021-12-22 | 2024-11-21 |
| CVE-2021-21924 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter. | 6.5 | 1.88% | 2021-12-22 | 2024-11-21 |