VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 100 of 512
  • CVE-2024-53815HigDec 6, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.1.

  • CVE-2024-53808HigDec 6, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows SQL Injection.This issue affects NEX-Forms: from n/a through <= 8.7.8.

  • CVE-2024-53807HigDec 6, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster wp-mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through <= 1.8.16.0.

  • CVE-2024-53792HigDec 2, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz watu allows SQL Injection.This issue affects Watu Quiz: from n/a through <= 3.4.1.2.

  • CVE-2024-52495HigNov 28, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows SQL Injection.This issue affects Distance Based Shipping Calculator: from n/a…

  • CVE-2024-51882HigNov 11, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopalkumar315 Gboy Custom Google Map gboy-custom-google-map allows Blind SQL Injection.This issue affects Gboy Custom Google Map: from n/a through <= 1.2.

  • CVE-2024-51845HigNov 11, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through <= 1.0.2.

  • CVE-2024-51843HigNov 11, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in fruitcakestudios Horsemanager fruitcake-horsemanager allows Blind SQL Injection.This issue affects Horsemanager: from n/a through <= 1.3.

  • CVE-2024-51837HigNov 11, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sophia M Williams WP Contest wp-contest allows SQL Injection.This issue affects WP Contest: from n/a through <= 1.0.0.

  • CVE-2024-51820HigNov 11, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wplsquared L Squared Hub WP l-squared-hub-wp-virtual-device allows SQL Injection.This issue affects L Squared Hub WP: from n/a through <= 1.0.

  • CVE-2024-51608HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in colinph970 AmaDiscount amadiscount allows SQL Injection.This issue affects AmaDiscount: from n/a through <= 1.0.

  • CVE-2024-51606HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows SQL Injection.This issue affects Blrt WP Embed: from n/a through <= 1.6.9.

  • CVE-2024-51623HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mehral WP EIS wp-eis allows SQL Injection.This issue affects WP EIS: from n/a through <= 1.3.3.

  • CVE-2024-50544HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9.

  • CVE-2024-50539HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in lodgix Lodgix.com Vacation Rental Website Builder lodgixcom-vacation-rental-listing-management-booking-plugin allows SQL Injection.This issue affects Lodgix.com Vacation Rental…

  • CVE-2024-50524HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quý Lê 91 Administrator Z administrator-z allows Blind SQL Injection.This issue affects Administrator Z: from n/a through < 2024.10.21.

  • CVE-2024-51625HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edckwt Quran Shortcode quran-shortcode allows Blind SQL Injection.This issue affects Quran Shortcode: from n/a through <= 1.5.

  • CVE-2024-51621HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reza19 Download-Mirror-Counter wp-download-mirror-counter allows SQL Injection.This issue affects Download-Mirror-Counter: from n/a through <= 1.1.

  • CVE-2024-51620HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in porsline Porsline porsline allows Blind SQL Injection.This issue affects Porsline: from n/a through <= 1.0.2.

  • CVE-2024-51619HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in market360 Market 360 Viewer market-360-viewer allows Blind SQL Injection.This issue affects Market 360 Viewer: from n/a through <= 1.01.