VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 31 of 512
  • CVE-2023-2963CriJul 17, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2.

  • CVE-2023-35070CriJul 13, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197.

  • CVE-2023-2957CriJul 13, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0.

  • CVE-2023-1547CriJul 13, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51.

  • CVE-2023-3045CriJul 10, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1.

  • CVE-2023-2852CriJul 10, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron : before 2.0.

  • CVE-2023-2046CriJul 10, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8.

  • CVE-2023-2907CriJun 19, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.

  • CVE-2023-35064CriJun 13, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607.

  • CVE-2023-3047CriJun 13, 2023
    risk 0.64cvss 9.8epss 0.02

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15.

  • CVE-2021-4340CriJun 7, 2023
    risk 0.64cvss 9.8epss 0.01

    The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…

  • CVE-2023-3000CriJun 2, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass. This issue affects ErMon: before 230602.

  • CVE-2023-2851CriMay 25, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. This issue affects all versions of the sofware also EOS when CVE-ID assigned.

  • CVE-2023-2064CriMay 24, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection. This issue affects eTrace: before 23.05.20.

  • CVE-2023-2045CriMay 24, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection. This issue affects Auto Damage Tracking Software: before 4.

  • CVE-2023-2750CriMay 24, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection. This issue affects E-municipality: before 6.05.

  • CVE-2023-1508CriMay 23, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3.

  • CVE-2023-1873CriApr 17, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection. This issue affects Bircard: before 23.04.05.

  • CVE-2023-1723CriApr 17, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection. This issue affects Mobile Assistant: before 21.S.2343.

  • CVE-2023-1863CriApr 14, 2023
    risk 0.64cvss 9.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection. This issue affects Water Metering Software: before 23.04.06.