CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 223 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9992 | Hig | 0.46 | 7.1 | 0.01 | Mar 1, 2017 | IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | ||
| CVE-2016-1393 | Hig | 0.46 | 7.1 | 0.01 | May 12, 2016 | SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | ||
| CVE-2026-55405 | hig | 0.45 | — | 0.00 | Jun 17, 2026 | ### Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter **keys** (and, in MariaDB, string **values**) directly into the query without adequate escaping. A crafted metadata key in `EmbeddingSearchRequest.filter()` can break… | ||
| CVE-2026-38739 | hig | 0.45 | — | 0.00 | May 29, 2026 | NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. ### Impact There is a security… | ||
| CVE-2026-44680 | Hig | 0.45 | 7.6 | 0.01 | May 26, 2026 | MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path… | ||
| CVE-2026-44792 | hig | 0.45 | — | 0.00 | May 14, 2026 | ## Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could… | ||
| CVE-2025-30062 | — | Med | 0.45 | — | 0.00 | Mar 2, 2026 | In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection. | |
| CVE-2025-30061 | — | Med | 0.45 | — | 0.00 | Aug 27, 2025 | In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter. | |
| CVE-2025-30060 | — | Med | 0.45 | — | 0.00 | Aug 27, 2025 | In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter. | |
| CVE-2025-30059 | — | Med | 0.45 | — | 0.00 | Aug 27, 2025 | In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection. | |
| CVE-2025-30058 | — | Med | 0.45 | — | 0.00 | Aug 27, 2025 | In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter. | |
| CVE-2025-34136 | Med | 0.45 | — | 0.00 | Jul 25, 2025 | An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server… | ||
| CVE-2025-53122 | Med | 0.45 | — | 0.00 | Jun 26, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon… | ||
| CVE-2025-1520 | Hig | 0.45 | 8.0 | 0.00 | Apr 23, 2025 | PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw… | ||
| CVE-2024-12745 | Hig | 0.45 | 8.0 | 0.01 | Dec 24, 2024 | A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. | ||
| CVE-2024-12744 | Hig | 0.45 | 8.0 | 0.01 | Dec 24, 2024 | A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. | ||
| CVE-2024-4658 | Med | 0.45 | — | 0.00 | Oct 10, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0. | ||
| CVE-2024-23115 | Hig | 0.45 | 7.2 | 0.67 | Apr 1, 2024 | Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the… | ||
| CVE-2023-1545 | Hig | 0.45 | 7.5 | 0.08 | Mar 21, 2023 | SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | ||
| CVE-2026-9617 | Med | 0.44 | 6.8 | 0.00 | May 27, 2026 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The… |
- risk 0.46cvss 7.1epss 0.01
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.
- risk 0.46cvss 7.1epss 0.01
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.
- risk 0.45cvss —epss 0.00
### Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter **keys** (and, in MariaDB, string **values**) directly into the query without adequate escaping. A crafted metadata key in `EmbeddingSearchRequest.filter()` can break…
- risk 0.45cvss —epss 0.00
NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. ### Impact There is a security…
- risk 0.45cvss 7.6epss 0.01
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path…
- risk 0.45cvss —epss 0.00
## Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could…
- risk 0.45cvss —epss 0.00
In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.
- risk 0.45cvss —epss 0.00
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter.
- risk 0.45cvss —epss 0.00
In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter.
- risk 0.45cvss —epss 0.00
In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection.
- risk 0.45cvss —epss 0.00
In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter.
- risk 0.45cvss —epss 0.00
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server…
- risk 0.45cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon…
- risk 0.45cvss 8.0epss 0.00
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw…
- risk 0.45cvss 8.0epss 0.01
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.
- risk 0.45cvss 8.0epss 0.01
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.
- risk 0.45cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0.
- risk 0.45cvss 7.2epss 0.67
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…
- risk 0.45cvss 7.5epss 0.08
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
- risk 0.44cvss 6.8epss 0.00
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The…