CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 227 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40842 | — | Med | 0.42 | 6.5 | 0.00 | May 27, 2026 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |
| CVE-2026-40841 | — | Med | 0.42 | 6.5 | 0.00 | May 27, 2026 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |
| CVE-2026-40840 | — | Med | 0.42 | 6.5 | 0.00 | May 27, 2026 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |
| CVE-2026-40839 | — | Med | 0.42 | 6.5 | 0.00 | May 27, 2026 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |
| CVE-2026-40838 | — | Med | 0.42 | 6.5 | 0.00 | May 27, 2026 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |
| CVE-2026-40837 | — | Med | 0.42 | 6.5 | 0.00 | May 27, 2026 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |
| CVE-2026-40835 | — | Med | 0.42 | 6.5 | 0.00 | May 27, 2026 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |
| CVE-2026-40832 | — | Med | 0.42 | 6.5 | 0.00 | May 27, 2026 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | |
| CVE-2026-40831 | Med | 0.42 | 6.5 | 0.00 | May 27, 2026 | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||
| CVE-2026-44923 | Med | 0.42 | 6.5 | 0.00 | May 20, 2026 | SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges. | ||
| CVE-2026-8685 | Med | 0.42 | 6.5 | 0.00 | May 20, 2026 | The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL… | ||
| CVE-2026-46359 | Hig | 0.42 | 7.5 | 0.00 | May 15, 2026 | phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or… | ||
| CVE-2026-5486 | — | Med | 0.42 | 6.5 | 0.00 | May 14, 2026 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated… | |
| CVE-2026-37429 | Med | 0.42 | 6.5 | 0.00 | May 13, 2026 | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII)… | ||
| CVE-2026-37428 | — | Med | 0.42 | 6.5 | 0.00 | May 13, 2026 | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII). | |
| CVE-2026-5028 | Med | 0.42 | 6.5 | 0.00 | May 12, 2026 | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter… | ||
| CVE-2026-41640 | Hig | 0.42 | 7.5 | 0.02 | May 7, 2026 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation… | ||
| CVE-2026-3359 | Hig | 0.42 | 7.5 | 0.00 | May 5, 2026 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of… | ||
| CVE-2026-3456 | Hig | 0.42 | 7.5 | 0.00 | May 5, 2026 | The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of… | ||
| CVE-2026-5100 | Hig | 0.42 | 7.5 | 0.00 | May 5, 2026 | The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This… |
- risk 0.42cvss 6.5epss 0.00
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
- risk 0.42cvss 6.5epss 0.00
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
- risk 0.42cvss 6.5epss 0.00
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
- risk 0.42cvss 6.5epss 0.00
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
- risk 0.42cvss 6.5epss 0.00
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
- risk 0.42cvss 6.5epss 0.00
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
- risk 0.42cvss 6.5epss 0.00
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
- risk 0.42cvss 6.5epss 0.00
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
- risk 0.42cvss 6.5epss 0.00
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
- risk 0.42cvss 6.5epss 0.00
SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
- risk 0.42cvss 6.5epss 0.00
The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL…
- risk 0.42cvss 7.5epss 0.00
phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or…
- risk 0.42cvss 6.5epss 0.00
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated…
- risk 0.42cvss 6.5epss 0.00
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII)…
- risk 0.42cvss 6.5epss 0.00
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII).
- risk 0.42cvss 6.5epss 0.00
The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter…
- risk 0.42cvss 7.5epss 0.02
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation…
- risk 0.42cvss 7.5epss 0.00
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of…
- risk 0.42cvss 7.5epss 0.00
The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of…
- risk 0.42cvss 7.5epss 0.00
The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…