探索与 SQL Injection 漏洞相关的 CVE,并按公开年份筛选。本列表默认优先展示最新披露,并支持按 CVSS 与 EPSS 风险分数进一步筛选。
覆盖最新漏洞披露与趋势,帮助安全团队快速识别高风险问题与被利用可能性。
当前为 SQL Injection 类型、2021 年公开的 CVE。 查看完整 CVE 列表
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2021-36722 | Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host. | 7.1 | 1.35% | 2021-12-29 | 2026-06-16 |
| CVE-2021-44161 | Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication. | 8.8 | 0.50% | 2021-12-29 | 2026-06-17 |
| CVE-2021-45814 | Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. | 9.8 | 6.34% | 2021-12-28 | 2026-06-17 |
| CVE-2021-24753 | The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue | 7.2 | 1.50% | 2021-12-27 | 2026-06-16 |
| CVE-2021-44600 | The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system. | 7.5 | 1.26% | 2021-12-23 | 2026-06-17 |
| CVE-2021-44599 | The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system. | 7.5 | 1.21% | 2021-12-23 | 2026-06-17 |
| CVE-2021-21937 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.15% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21936 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | 1.38% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21935 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21934 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21933 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21932 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21931 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21930 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21929 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21928 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21927 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21926 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21925 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter. | 6.5 | 1.14% | 2021-12-22 | 2026-06-16 |
| CVE-2021-21924 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter. | 6.5 | 20.16% | 2021-12-22 | 2026-06-16 |