VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Abstraction: Base · Status: Stable · Likelihood of Exploit: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 67 of 512
  • CVE-2017-14844 · High · Sep 28, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.

  • CVE-2017-14843 · High · Sep 28, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.

  • CVE-2017-14842 · High · Sep 28, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.

  • CVE-2017-14396 · Critical · Sep 12, 2017
    risk 0.60 · cvss 9.8 · epss 0.03

    In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.

  • CVE-2017-9429 · High · Jun 13, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.

  • CVE-2017-9418 · High · Jun 12, 2017
    risk 0.60 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.

  • CVE-2017-7952 · High · May 16, 2017
    risk 0.60 · cvss 8.8 · epss 0.01

    INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.

  • CVE-2015-7569 · High · Apr 24, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.

  • CVE-2015-7564 · Critical · Apr 12, 2017
    risk 0.60 · cvss 9.8 · epss 0.03

    Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b)…

  • CVE-2015-4592 · High · Jan 10, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.

  • CVE-2026-54350 · Critical · Jun 23, 2026
    risk 0.59 · cvss n/a · epss 0.01

    Summary: `enrichContext` at `packages/server/src/sdk/workspace/queries/queries.ts:121-138` substitutes parameter values into the raw JSON body of a query, then `JSON.parse`s the result. The validator `validateQueryInputs` at `packages/server/src/api/controllers/query/index.ts:…

  • CVE-2026-37347 · Critical · Apr 16, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.

  • CVE-2026-33615 · Critical · Apr 2, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.

  • CVE-2026-34374 · Critical · Mar 27, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from…

  • CVE-2025-61675 · High · Oct 14, 2025
    risk 0.59 · cvss n/a · epss 0.39

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple…

  • CVE-2025-10726 · Critical · Oct 3, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'data[id]' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes…

  • CVE-2025-9943 · Critical · Sep 10, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL…

  • CVE-2025-52390 · Critical · Aug 1, 2025
    risk 0.59 · cvss 9.1 · epss 0.01

    Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without…

  • CVE-2025-22699 · Critical · Feb 4, 2025
    risk 0.59 · cvss 9.0 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code. This issue affects Traveler Code: from n/a through < 3.1.2.

  • CVE-2024-43040 · Critical · Sep 10, 2024
    risk 0.59 · cvss 9.1 · epss 0.00

    Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo.