VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 101 of 512
  • CVE-2024-51607HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in percent20 Golf Tracker golf-tracker allows SQL Injection.This issue affects Golf Tracker: from n/a through <= 0.7.

  • CVE-2024-51602HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in oleksandr87 Simple Job Manager simple-job-manager allows SQL Injection.This issue affects Simple Job Manager: from n/a through <= 1.1.

  • CVE-2024-51601HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Maksym Marko Website price calculator price-calculator-to-your-website allows SQL Injection.This issue affects Website price calculator: from n/a through <= 4.1.

  • CVE-2024-51579HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.4.01.

  • CVE-2024-51570HigNov 9, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in odihost Easy Gallery simple-gallery-odihost allows SQL Injection.This issue affects Easy Gallery: from n/a through <= 1.4.

  • CVE-2024-51626HigNov 4, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through <= 1.1.

  • CVE-2024-50465HigOct 28, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 1.6.001.

  • CVE-2024-49620HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mrcheck116 FERMA.ru.net ferma-ru-net-checkout allows Blind SQL Injection.This issue affects FERMA.ru.net: from n/a through <= 1.3.3.

  • CVE-2024-49619HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acespritech Social Link Groups social-link-groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through <= 1.1.0.

  • CVE-2024-49618HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks mytweetlinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through <= 1.1.1.

  • CVE-2024-49616HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in nyasro Rate Own Post rate-own-post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through <= 1.0.

  • CVE-2024-49614HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through <= 1.9.3.

  • CVE-2024-49613HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in developersnote Simple Code Insert Shortcode simple-code-insert-shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through <= 1.0.

  • CVE-2024-49612HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanjeev SW Contact Form sw-contact-form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through <= 1.0.

  • CVE-2024-49609HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion author-discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through <= 0.2.2.

  • CVE-2024-47325HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through <= 3.4.7.

  • CVE-2024-49623HigOct 20, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through <= 1.0.

  • CVE-2024-49297HigOct 17, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.7.9.7.

  • CVE-2024-49244HigOct 17, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.This issue affects CSV Product Import Export for WooCommerce: from n/a through <= 1.0.0.

  • CVE-2024-47312HigOct 17, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through <=…