CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (12,807)
page 311 of 641| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-24627 | Hig | 0.47 | 7.2 | 0.07 | Nov 8, 2021 | The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection | ||
| CVE-2021-24625 | Hig | 0.47 | 7.2 | 0.01 | Nov 8, 2021 | The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category | ||
| CVE-2021-24774 | Hig | 0.47 | 7.2 | 0.01 | Oct 25, 2021 | The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues | ||
| CVE-2021-24769 | Hig | 0.47 | 7.2 | 0.01 | Oct 25, 2021 | The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection | ||
| CVE-2021-24662 | Hig | 0.47 | 7.2 | 0.01 | Oct 25, 2021 | The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page | ||
| CVE-2020-23045 | Hig | 0.47 | 7.2 | 0.01 | Oct 22, 2021 | Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules. | ||
| CVE-2021-24754 | Hig | 0.47 | 7.2 | 0.01 | Oct 18, 2021 | The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue | ||
| CVE-2021-41147 | Hig | 0.47 | 7.2 | 0.02 | Oct 15, 2021 | Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard… | ||
| CVE-2021-40992 | Hig | 0.47 | 7.2 | 0.01 | Oct 15, 2021 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released… | ||
| CVE-2021-33736 | Hig | 0.47 | 7.2 | 0.01 | Oct 12, 2021 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||
| CVE-2021-33735 | Hig | 0.47 | 7.2 | 0.01 | Oct 12, 2021 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | ||
| CVE-2021-41947 | Hig | 0.47 | 7.2 | 0.01 | Oct 8, 2021 | A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. | ||
| CVE-2020-21013 | Hig | 0.47 | 7.2 | 0.01 | Oct 1, 2021 | emlog v6.0.0 contains a SQL injection via /admin/comment.php. | ||
| CVE-2020-20692 | Hig | 0.47 | 7.2 | 0.01 | Sep 27, 2021 | GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. | ||
| CVE-2021-24511 | Hig | 0.47 | 7.2 | 0.02 | Sep 20, 2021 | The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | ||
| CVE-2021-24403 | Hig | 0.47 | 7.2 | 0.02 | Sep 20, 2021 | The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors | ||
| CVE-2021-24402 | Hig | 0.47 | 7.2 | 0.05 | Sep 20, 2021 | The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors | ||
| CVE-2021-24401 | Hig | 0.47 | 7.2 | 0.05 | Sep 20, 2021 | The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | ||
| CVE-2021-24400 | Hig | 0.47 | 7.2 | 0.02 | Sep 20, 2021 | The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | ||
| CVE-2021-24399 | Hig | 0.47 | 7.2 | 0.02 | Sep 20, 2021 | The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. |
- risk 0.47cvss 7.2epss 0.07
The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection
- risk 0.47cvss 7.2epss 0.01
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category
- risk 0.47cvss 7.2epss 0.01
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues
- risk 0.47cvss 7.2epss 0.01
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection
- risk 0.47cvss 7.2epss 0.01
The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page
- risk 0.47cvss 7.2epss 0.01
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules.
- risk 0.47cvss 7.2epss 0.01
The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue
- risk 0.47cvss 7.2epss 0.02
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard…
- risk 0.47cvss 7.2epss 0.01
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released…
- risk 0.47cvss 7.2epss 0.01
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
- risk 0.47cvss 7.2epss 0.01
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
- risk 0.47cvss 7.2epss 0.01
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
- risk 0.47cvss 7.2epss 0.01
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
- risk 0.47cvss 7.2epss 0.01
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
- risk 0.47cvss 7.2epss 0.02
The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
- risk 0.47cvss 7.2epss 0.02
The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors
- risk 0.47cvss 7.2epss 0.05
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors
- risk 0.47cvss 7.2epss 0.05
The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
- risk 0.47cvss 7.2epss 0.02
The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
- risk 0.47cvss 7.2epss 0.02
The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.