VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (12,807)

page 310 of 641
  • CVE-2021-24858HigJan 24, 2022
    risk 0.47cvss 7.2epss 0.01

    The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection

  • CVE-2021-25023HigJan 3, 2022
    risk 0.47cvss 7.2epss 0.01

    The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the related table, leading to an SQL injection

  • CVE-2021-24753HigDec 27, 2021
    risk 0.47cvss 7.2epss 0.01

    The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue

  • CVE-2021-24861HigDec 13, 2021
    risk 0.47cvss 7.2epss 0.01

    The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection

  • CVE-2021-24747HigDec 13, 2021
    risk 0.47cvss 7.2epss 0.01

    The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections.

  • CVE-2021-40280HigDec 9, 2021
    risk 0.47cvss 7.2epss 0.01

    An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.

  • CVE-2021-40279HigDec 9, 2021
    risk 0.47cvss 7.2epss 0.01

    An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.

  • CVE-2021-40861HigDec 8, 2021
    risk 0.47cvss 7.2epss 0.02

    A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is…

  • CVE-2021-40860HigDec 8, 2021
    risk 0.47cvss 7.2epss 0.02

    A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command…

  • CVE-2021-40578HigDec 7, 2021
    risk 0.47cvss 7.2epss 0.01

    Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.

  • CVE-2021-25784HigDec 2, 2021
    risk 0.47cvss 7.2epss 0.01

    Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.

  • CVE-2021-25783HigDec 2, 2021
    risk 0.47cvss 7.2epss 0.01

    Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.

  • CVE-2020-35012HigDec 1, 2021
    risk 0.47cvss 7.2epss 0.01

    The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection

  • CVE-2021-24889HigNov 29, 2021
    risk 0.47cvss 7.2epss 0.01

    The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks

  • CVE-2021-24860HigNov 29, 2021
    risk 0.47cvss 7.2epss 0.01

    The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue

  • CVE-2021-24877HigNov 23, 2021
    risk 0.47cvss 7.2epss 0.01

    The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed

  • CVE-2021-24844HigNov 8, 2021
    risk 0.47cvss 7.2epss 0.01

    The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue

  • CVE-2021-24791HigNov 8, 2021
    risk 0.47cvss 7.2epss 0.05

    The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections

  • CVE-2021-24629HigNov 8, 2021
    risk 0.47cvss 7.2epss 0.01

    The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections

  • CVE-2021-24628HigNov 8, 2021
    risk 0.47cvss 7.2epss 0.01

    The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection