CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 101 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51607 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in percent20 Golf Tracker golf-tracker allows SQL Injection.This issue affects Golf Tracker: from n/a through <= 0.7. | ||
| CVE-2024-51602 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in oleksandr87 Simple Job Manager simple-job-manager allows SQL Injection.This issue affects Simple Job Manager: from n/a through <= 1.1. | ||
| CVE-2024-51601 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Maksym Marko Website price calculator price-calculator-to-your-website allows SQL Injection.This issue affects Website price calculator: from n/a through <= 4.1. | ||
| CVE-2024-51579 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.4.01. | ||
| CVE-2024-51570 | Hig | 0.55 | 8.5 | 0.00 | Nov 9, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in odihost Easy Gallery simple-gallery-odihost allows SQL Injection.This issue affects Easy Gallery: from n/a through <= 1.4. | ||
| CVE-2024-51626 | Hig | 0.55 | 8.5 | 0.00 | Nov 4, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through <= 1.1. | ||
| CVE-2024-50465 | Hig | 0.55 | 8.5 | 0.00 | Oct 28, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 1.6.001. | ||
| CVE-2024-49620 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mrcheck116 FERMA.ru.net ferma-ru-net-checkout allows Blind SQL Injection.This issue affects FERMA.ru.net: from n/a through <= 1.3.3. | ||
| CVE-2024-49619 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acespritech Social Link Groups social-link-groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through <= 1.1.0. | ||
| CVE-2024-49618 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks mytweetlinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through <= 1.1.1. | ||
| CVE-2024-49616 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in nyasro Rate Own Post rate-own-post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through <= 1.0. | ||
| CVE-2024-49614 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through <= 1.9.3. | ||
| CVE-2024-49613 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in developersnote Simple Code Insert Shortcode simple-code-insert-shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through <= 1.0. | ||
| CVE-2024-49612 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanjeev SW Contact Form sw-contact-form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through <= 1.0. | ||
| CVE-2024-49609 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion author-discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through <= 0.2.2. | ||
| CVE-2024-47325 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through <= 3.4.7. | ||
| CVE-2024-49623 | Hig | 0.55 | 8.5 | 0.00 | Oct 20, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through <= 1.0. | ||
| CVE-2024-49297 | Hig | 0.55 | 8.5 | 0.00 | Oct 17, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.7.9.7. | ||
| CVE-2024-49244 | Hig | 0.55 | 8.5 | 0.00 | Oct 17, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.This issue affects CSV Product Import Export for WooCommerce: from n/a through <= 1.0.0. | ||
| CVE-2024-47312 | Hig | 0.55 | 8.5 | 0.00 | Oct 17, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through <=… |
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in percent20 Golf Tracker golf-tracker allows SQL Injection.This issue affects Golf Tracker: from n/a through <= 0.7.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in oleksandr87 Simple Job Manager simple-job-manager allows SQL Injection.This issue affects Simple Job Manager: from n/a through <= 1.1.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Maksym Marko Website price calculator price-calculator-to-your-website allows SQL Injection.This issue affects Website price calculator: from n/a through <= 4.1.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.4.01.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in odihost Easy Gallery simple-gallery-odihost allows SQL Injection.This issue affects Easy Gallery: from n/a through <= 1.4.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through <= 1.1.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 1.6.001.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mrcheck116 FERMA.ru.net ferma-ru-net-checkout allows Blind SQL Injection.This issue affects FERMA.ru.net: from n/a through <= 1.3.3.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acespritech Social Link Groups social-link-groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through <= 1.1.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks mytweetlinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through <= 1.1.1.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in nyasro Rate Own Post rate-own-post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through <= 1.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through <= 1.9.3.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in developersnote Simple Code Insert Shortcode simple-code-insert-shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through <= 1.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanjeev SW Contact Form sw-contact-form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through <= 1.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion author-discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through <= 0.2.2.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through <= 3.4.7.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through <= 1.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.7.9.7.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.This issue affects CSV Product Import Export for WooCommerce: from n/a through <= 1.0.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through <=…