CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 68 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39907 | Cri | 0.59 | 9.8 | 0.29 | Jul 18, 2024 | 1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls.… | ||
| CVE-2024-36840 | Cri | 0.59 | 9.1 | 0.02 | Jun 12, 2024 | SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. | ||
| CVE-2024-5314 | — | Cri | 0.59 | 9.1 | 0.01 | May 24, 2024 | Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters… | |
| CVE-2024-27574 | Cri | 0.59 | 9.1 | 0.01 | Apr 22, 2024 | SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. | ||
| CVE-2021-21427 | Cri | 0.59 | 9.1 | 0.01 | Apr 21, 2021 | Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The… | ||
| CVE-2021-21024 | Cri | 0.59 | 9.1 | 0.03 | Feb 11, 2021 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access… | ||
| CVE-2020-13921 | Cri | 0.59 | 9.8 | 0.33 | Aug 5, 2020 | **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | ||
| CVE-2018-7528 | Cri | 0.59 | 9.1 | 0.02 | Mar 22, 2018 | An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. | ||
| CVE-2018-3605 | Hig | 0.59 | 8.8 | 0.20 | Feb 9, 2018 | TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | ||
| CVE-2016-9272 | Cri | 0.59 | 9.1 | 0.02 | Nov 11, 2016 | A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | ||
| CVE-2016-1154 | Cri | 0.59 | 9.1 | 0.01 | Feb 19, 2016 | SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2026-8054 | Cri | 0.58 | — | 0.02 | May 27, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read,… | ||
| CVE-2026-42031 | Cri | 0.58 | 9.8 | 0.02 | May 13, 2026 | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This… | ||
| CVE-2025-54119 | Cri | 0.58 | 10.0 | 0.00 | Aug 5, 2025 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a… | ||
| CVE-2025-46337 | Cri | 0.58 | 10.0 | 0.01 | May 1, 2025 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a… | ||
| CVE-2024-8309 | Cri | 0.58 | 9.8 | 0.14 | Oct 29, 2024 | A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in… | ||
| CVE-2024-39309 | Cri | 0.58 | 9.8 | 0.20 | Jul 1, 2024 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection… | ||
| CVE-2024-6028 | Cri | 0.58 | 9.8 | 0.12 | Jun 25, 2024 | The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.… | ||
| CVE-2024-4295 | Cri | 0.58 | 9.8 | 0.10 | Jun 5, 2024 | The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing… | ||
| CVE-2024-4443 | Cri | 0.58 | 9.8 | 0.10 | May 22, 2024 | The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter… |
- risk 0.59cvss 9.8epss 0.29
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls.…
- risk 0.59cvss 9.1epss 0.02
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.
- risk 0.59cvss 9.1epss 0.01
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters…
- risk 0.59cvss 9.1epss 0.01
SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters.
- risk 0.59cvss 9.1epss 0.01
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The…
- risk 0.59cvss 9.1epss 0.03
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access…
- risk 0.59cvss 9.8epss 0.33
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.
- risk 0.59cvss 9.1epss 0.02
An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.
- risk 0.59cvss 8.8epss 0.20
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
- risk 0.59cvss 9.1epss 0.02
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
- risk 0.59cvss 9.1epss 0.01
SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.58cvss —epss 0.02
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read,…
- risk 0.58cvss 9.8epss 0.02
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This…
- risk 0.58cvss 10.0epss 0.00
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a…
- risk 0.58cvss 10.0epss 0.01
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a…
- risk 0.58cvss 9.8epss 0.14
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in…
- risk 0.58cvss 9.8epss 0.20
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection…
- risk 0.58cvss 9.8epss 0.12
The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.…
- risk 0.58cvss 9.8epss 0.10
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…
- risk 0.58cvss 9.8epss 0.10
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter…