CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (12,807)
page 351 of 641| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4777 | Med | 0.41 | 6.3 | 0.00 | Mar 24, 2026 | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be… | ||
| CVE-2026-4614 | Med | 0.41 | 6.3 | 0.00 | Mar 24, 2026 | A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subject_code causes sql injection. The attack is… | ||
| CVE-2026-4597 | — | Med | 0.41 | 6.3 | 0.00 | Mar 23, 2026 | A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation… | |
| CVE-2026-4593 | — | Med | 0.41 | 6.3 | 0.00 | Mar 23, 2026 | A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It… | |
| CVE-2026-4574 | Med | 0.41 | 6.3 | 0.00 | Mar 23, 2026 | A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely.… | ||
| CVE-2026-4573 | Med | 0.41 | 6.3 | 0.00 | Mar 23, 2026 | A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql… | ||
| CVE-2026-4572 | Med | 0.41 | 6.3 | 0.00 | Mar 23, 2026 | A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql… | ||
| CVE-2026-4571 | Med | 0.41 | 6.3 | 0.00 | Mar 23, 2026 | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results… | ||
| CVE-2026-4570 | Med | 0.41 | 6.3 | 0.00 | Mar 23, 2026 | A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be… | ||
| CVE-2026-4569 | Med | 0.41 | 6.3 | 0.00 | Mar 23, 2026 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of… | ||
| CVE-2026-4568 | Med | 0.41 | 6.3 | 0.00 | Mar 23, 2026 | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched… | ||
| CVE-2026-4533 | Med | 0.41 | 6.3 | 0.00 | Mar 22, 2026 | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The… | ||
| CVE-2026-4513 | Med | 0.41 | 6.3 | 0.00 | Mar 21, 2026 | A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public… | ||
| CVE-2026-4507 | Med | 0.41 | 6.3 | 0.00 | Mar 20, 2026 | A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly… | ||
| CVE-2026-4485 | Med | 0.41 | 6.3 | 0.00 | Mar 20, 2026 | A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The… | ||
| CVE-2026-4472 | Med | 0.41 | 6.3 | 0.00 | Mar 20, 2026 | A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be… | ||
| CVE-2026-4241 | Med | 0.41 | 6.3 | 0.00 | Mar 16, 2026 | A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_code leads to sql injection. The attack can be launched remotely. The exploit is… | ||
| CVE-2026-4234 | Med | 0.41 | 6.3 | 0.00 | Mar 16, 2026 | A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The… | ||
| CVE-2026-4230 | Med | 0.41 | 6.3 | 0.00 | Mar 16, 2026 | A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been… | ||
| CVE-2026-4173 | Med | 0.41 | 6.3 | 0.00 | Mar 16, 2026 | A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler.… |
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subject_code causes sql injection. The attack is…
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely.…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql…
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_code leads to sql injection. The attack can be launched remotely. The exploit is…
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler.…