CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 31 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2963 | Cri | 0.64 | 9.8 | 0.01 | Jul 17, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2. | ||
| CVE-2023-35070 | Cri | 0.64 | 9.8 | 0.01 | Jul 13, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197. | ||
| CVE-2023-2957 | Cri | 0.64 | 9.8 | 0.01 | Jul 13, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0. | ||
| CVE-2023-1547 | Cri | 0.64 | 9.8 | 0.01 | Jul 13, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51. | ||
| CVE-2023-3045 | Cri | 0.64 | 9.8 | 0.01 | Jul 10, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1. | ||
| CVE-2023-2852 | Cri | 0.64 | 9.8 | 0.01 | Jul 10, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron : before 2.0. | ||
| CVE-2023-2046 | Cri | 0.64 | 9.8 | 0.01 | Jul 10, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8. | ||
| CVE-2023-2907 | Cri | 0.64 | 9.8 | 0.01 | Jun 19, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605. | ||
| CVE-2023-35064 | Cri | 0.64 | 9.8 | 0.01 | Jun 13, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607. | ||
| CVE-2023-3047 | Cri | 0.64 | 9.8 | 0.02 | Jun 13, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15. | ||
| CVE-2021-4340 | Cri | 0.64 | 9.8 | 0.01 | Jun 7, 2023 | The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This… | ||
| CVE-2023-3000 | Cri | 0.64 | 9.8 | 0.01 | Jun 2, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass. This issue affects ErMon: before 230602. | ||
| CVE-2023-2851 | Cri | 0.64 | 9.8 | 0.01 | May 25, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. This issue affects all versions of the sofware also EOS when CVE-ID assigned. | ||
| CVE-2023-2064 | Cri | 0.64 | 9.8 | 0.01 | May 24, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection. This issue affects eTrace: before 23.05.20. | ||
| CVE-2023-2045 | Cri | 0.64 | 9.8 | 0.01 | May 24, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection. This issue affects Auto Damage Tracking Software: before 4. | ||
| CVE-2023-2750 | Cri | 0.64 | 9.8 | 0.01 | May 24, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection. This issue affects E-municipality: before 6.05. | ||
| CVE-2023-1508 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3. | ||
| CVE-2023-1873 | Cri | 0.64 | 9.8 | 0.01 | Apr 17, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection. This issue affects Bircard: before 23.04.05. | ||
| CVE-2023-1723 | Cri | 0.64 | 9.8 | 0.01 | Apr 17, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection. This issue affects Mobile Assistant: before 21.S.2343. | ||
| CVE-2023-1863 | Cri | 0.64 | 9.8 | 0.01 | Apr 14, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection. This issue affects Water Metering Software: before 23.04.06. |
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron : before 2.0.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607.
- risk 0.64cvss 9.8epss 0.02
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15.
- risk 0.64cvss 9.8epss 0.01
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass. This issue affects ErMon: before 230602.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. This issue affects all versions of the sofware also EOS when CVE-ID assigned.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection. This issue affects eTrace: before 23.05.20.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection. This issue affects Auto Damage Tracking Software: before 4.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection. This issue affects E-municipality: before 6.05.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection. This issue affects Bircard: before 23.04.05.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection. This issue affects Mobile Assistant: before 21.S.2343.
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection. This issue affects Water Metering Software: before 23.04.06.