CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 100 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-53815 | Hig | 0.55 | 8.5 | 0.01 | Dec 6, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.1. | ||
| CVE-2024-53808 | Hig | 0.55 | 8.5 | 0.01 | Dec 6, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows SQL Injection.This issue affects NEX-Forms: from n/a through <= 8.7.8. | ||
| CVE-2024-53807 | Hig | 0.55 | 8.5 | 0.00 | Dec 6, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster wp-mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | ||
| CVE-2024-53792 | Hig | 0.55 | 8.5 | 0.00 | Dec 2, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz watu allows SQL Injection.This issue affects Watu Quiz: from n/a through <= 3.4.1.2. | ||
| CVE-2024-52495 | Hig | 0.55 | 8.5 | 0.00 | Nov 28, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows SQL Injection.This issue affects Distance Based Shipping Calculator: from n/a… | ||
| CVE-2024-51882 | Hig | 0.55 | 8.5 | 0.00 | Nov 11, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopalkumar315 Gboy Custom Google Map gboy-custom-google-map allows Blind SQL Injection.This issue affects Gboy Custom Google Map: from n/a through <= 1.2. | ||
| CVE-2024-51845 | Hig | 0.55 | 8.5 | 0.00 | Nov 11, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through <= 1.0.2. | ||
| CVE-2024-51843 | Hig | 0.55 | 8.5 | 0.00 | Nov 11, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in fruitcakestudios Horsemanager fruitcake-horsemanager allows Blind SQL Injection.This issue affects Horsemanager: from n/a through <= 1.3. | ||
| CVE-2024-51837 | Hig | 0.55 | 8.5 | 0.00 | Nov 11, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sophia M Williams WP Contest wp-contest allows SQL Injection.This issue affects WP Contest: from n/a through <= 1.0.0. | ||
| CVE-2024-51820 | Hig | 0.55 | 8.5 | 0.00 | Nov 11, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wplsquared L Squared Hub WP l-squared-hub-wp-virtual-device allows SQL Injection.This issue affects L Squared Hub WP: from n/a through <= 1.0. | ||
| CVE-2024-51608 | Hig | 0.55 | 8.5 | 0.01 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in colinph970 AmaDiscount amadiscount allows SQL Injection.This issue affects AmaDiscount: from n/a through <= 1.0. | ||
| CVE-2024-51606 | Hig | 0.55 | 8.5 | 0.01 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows SQL Injection.This issue affects Blrt WP Embed: from n/a through <= 1.6.9. | ||
| CVE-2024-51623 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mehral WP EIS wp-eis allows SQL Injection.This issue affects WP EIS: from n/a through <= 1.3.3. | ||
| CVE-2024-50544 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9. | ||
| CVE-2024-50539 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in lodgix Lodgix.com Vacation Rental Website Builder lodgixcom-vacation-rental-listing-management-booking-plugin allows SQL Injection.This issue affects Lodgix.com Vacation Rental… | ||
| CVE-2024-50524 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quý Lê 91 Administrator Z administrator-z allows Blind SQL Injection.This issue affects Administrator Z: from n/a through < 2024.10.21. | ||
| CVE-2024-51625 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edckwt Quran Shortcode quran-shortcode allows Blind SQL Injection.This issue affects Quran Shortcode: from n/a through <= 1.5. | ||
| CVE-2024-51621 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reza19 Download-Mirror-Counter wp-download-mirror-counter allows SQL Injection.This issue affects Download-Mirror-Counter: from n/a through <= 1.1. | ||
| CVE-2024-51620 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in porsline Porsline porsline allows Blind SQL Injection.This issue affects Porsline: from n/a through <= 1.0.2. | ||
| CVE-2024-51619 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in market360 Market 360 Viewer market-360-viewer allows Blind SQL Injection.This issue affects Market 360 Viewer: from n/a through <= 1.01. |
- risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.1.
- risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows SQL Injection.This issue affects NEX-Forms: from n/a through <= 8.7.8.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster wp-mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz watu allows SQL Injection.This issue affects Watu Quiz: from n/a through <= 3.4.1.2.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows SQL Injection.This issue affects Distance Based Shipping Calculator: from n/a…
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopalkumar315 Gboy Custom Google Map gboy-custom-google-map allows Blind SQL Injection.This issue affects Gboy Custom Google Map: from n/a through <= 1.2.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through <= 1.0.2.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in fruitcakestudios Horsemanager fruitcake-horsemanager allows Blind SQL Injection.This issue affects Horsemanager: from n/a through <= 1.3.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sophia M Williams WP Contest wp-contest allows SQL Injection.This issue affects WP Contest: from n/a through <= 1.0.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wplsquared L Squared Hub WP l-squared-hub-wp-virtual-device allows SQL Injection.This issue affects L Squared Hub WP: from n/a through <= 1.0.
- risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in colinph970 AmaDiscount amadiscount allows SQL Injection.This issue affects AmaDiscount: from n/a through <= 1.0.
- risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows SQL Injection.This issue affects Blrt WP Embed: from n/a through <= 1.6.9.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mehral WP EIS wp-eis allows SQL Injection.This issue affects WP EIS: from n/a through <= 1.3.3.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in lodgix Lodgix.com Vacation Rental Website Builder lodgixcom-vacation-rental-listing-management-booking-plugin allows SQL Injection.This issue affects Lodgix.com Vacation Rental…
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quý Lê 91 Administrator Z administrator-z allows Blind SQL Injection.This issue affects Administrator Z: from n/a through < 2024.10.21.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edckwt Quran Shortcode quran-shortcode allows Blind SQL Injection.This issue affects Quran Shortcode: from n/a through <= 1.5.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reza19 Download-Mirror-Counter wp-download-mirror-counter allows SQL Injection.This issue affects Download-Mirror-Counter: from n/a through <= 1.1.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in porsline Porsline porsline allows Blind SQL Injection.This issue affects Porsline: from n/a through <= 1.0.2.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in market360 Market 360 Viewer market-360-viewer allows Blind SQL Injection.This issue affects Market 360 Viewer: from n/a through <= 1.01.