CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 67 of 512

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14844 | | High | 0.60 | 8.8 | 0.03 | | Sep 28, 2017 | Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. |
| CVE-2017-14843 | | High | 0.60 | 8.8 | 0.03 | | Sep 28, 2017 | Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. |
| CVE-2017-14842 | | High | 0.60 | 8.8 | 0.03 | | Sep 28, 2017 | Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. |
| CVE-2017-14396 | | Critical | 0.60 | 9.8 | 0.03 | | Sep 12, 2017 | In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. |
| CVE-2017-9429 | | High | 0.60 | 8.8 | 0.03 | | Jun 13, 2017 | SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. |
| CVE-2017-9418 | | High | 0.60 | 8.8 | 0.02 | | Jun 12, 2017 | SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. |
| CVE-2017-7952 | | High | 0.60 | 8.8 | 0.01 | | May 16, 2017 | INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. |
| CVE-2015-7569 | | High | 0.60 | 8.8 | 0.03 | | Apr 24, 2017 | SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. |
| CVE-2015-7564 | | Critical | 0.60 | 9.8 | 0.03 | | Apr 12, 2017 | Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b)… |
| CVE-2015-4592 | | High | 0.60 | 8.8 | 0.03 | | Jan 10, 2017 | eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. |
| CVE-2026-54350 | | Critical | 0.59 | — | 0.01 | | Jun 23, 2026 | Summary: `enrichContext` at `packages/server/src/sdk/workspace/queries/queries.ts:121-138` substitutes parameter values into the raw JSON body of a query, then `JSON.parse`s the result. The validator `validateQueryInputs` at `packages/server/src/api/controllers/query/index.ts:… |
| CVE-2026-37347 | | Critical | 0.59 | 9.1 | 0.00 | | Apr 16, 2026 | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php. |
| CVE-2026-33615 | | Critical | 0.59 | 9.1 | 0.00 | | Apr 2, 2026 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability. |
| CVE-2026-34374 | | Critical | 0.59 | 9.1 | 0.00 | | Mar 27, 2026 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from… |
| CVE-2025-61675 | | High | 0.59 | — | 0.39 | | Oct 14, 2025 | FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple… |
| CVE-2025-10726 | | Critical | 0.59 | 9.1 | 0.00 | | Oct 3, 2025 | The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'data[id]' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes… |
| CVE-2025-9943 | | Critical | 0.59 | 9.1 | 0.00 | | Sep 10, 2025 | An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL… |
| CVE-2025-52390 | | Critical | 0.59 | 9.1 | 0.01 | | Aug 1, 2025 | Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without… |
| CVE-2025-22699 | | Critical | 0.59 | 9.0 | 0.00 | | Feb 4, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code. This issue affects Traveler Code: from n/a through < 3.1.2. |
| CVE-2024-43040 | | Critical | 0.59 | 9.1 | 0.00 | | Sep 10, 2024 | Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo. |