VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Base · Stable · Likelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (8,813)

  • CVE-2024-51608 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in colinph970 AmaDiscount amadiscount allows SQL Injection. This issue affects AmaDiscount: from n/a through <= 1.0.

  • CVE-2024-51606 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows SQL Injection. This issue affects Blrt WP Embed: from n/a through <= 1.6.9.

  • CVE-2024-51623 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mehral WP EIS wp-eis allows SQL Injection. This issue affects WP EIS: from n/a through <= 1.3.3.

  • CVE-2024-50544 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection. This issue affects RSVP ME: from n/a through <= 1.9.9.

  • CVE-2024-50539 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in lodgix Lodgix.com Vacation Rental Website Builder lodgixcom-vacation-rental-listing-management-booking-plugin allows SQL Injection. This issue affects Lodgix.com Vacation Rental Website Builder: from n/a through <= 3.9.73.

  • CVE-2024-50524 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quý Lê 91 Administrator Z administrator-z allows Blind SQL Injection. This issue affects Administrator Z: from n/a through < 2024.10.21.

  • CVE-2024-51625 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edckwt Quran Shortcode quran-shortcode allows Blind SQL Injection. This issue affects Quran Shortcode: from n/a through <= 1.5.

  • CVE-2024-51621 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reza19 Download-Mirror-Counter wp-download-mirror-counter allows SQL Injection. This issue affects Download-Mirror-Counter: from n/a through <= 1.1.

  • CVE-2024-51620 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in porsline Porsline porsline allows Blind SQL Injection. This issue affects Porsline: from n/a through <= 1.0.2.

  • CVE-2024-51619 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in market360 Market 360 Viewer market-360-viewer allows Blind SQL Injection. This issue affects Market 360 Viewer: from n/a through <= 1.01.

  • CVE-2024-51607 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in percent20 Golf Tracker golf-tracker allows SQL Injection. This issue affects Golf Tracker: from n/a through <= 0.7.

  • CVE-2024-51602 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in oleksandr87 Simple Job Manager simple-job-manager allows SQL Injection. This issue affects Simple Job Manager: from n/a through <= 1.1.

  • CVE-2024-51601 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Maksym Marko Website price calculator price-calculator-to-your-website allows SQL Injection. This issue affects Website price calculator: from n/a through <= 4.1.

  • CVE-2024-51579 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.4.01.

  • CVE-2024-51570 · High · Nov 9, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in odihost Easy Gallery simple-gallery-odihost allows SQL Injection. This issue affects Easy Gallery: from n/a through <= 1.4.

  • CVE-2024-51626 · High · Nov 4, 2024
    risk 0.55 · cvss 8.5 · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection. This issue affects Woocommerce Quote Calculator: from n/a through <= 1.1.

  • CVE-2024-50465 · High · Oct 28, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection. This issue affects Premium SEO Pack: from n/a through 1.6.001.

  • CVE-2024-49620 · High · Oct 20, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mrcheck116 FERMA.ru.net ferma-ru-net-checkout allows Blind SQL Injection. This issue affects FERMA.ru.net: from n/a through <= 1.3.3.

  • CVE-2024-49619 · High · Oct 20, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acespritech Social Link Groups social-link-groups allows Blind SQL Injection. This issue affects Social Link Groups: from n/a through <= 1.1.0.

  • CVE-2024-49618 · High · Oct 20, 2024
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks mytweetlinks allows Blind SQL Injection. This issue affects MyTweetLinks: from n/a through <= 1.1.1.