VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 71 of 512
  • CVE-2026-42237HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table…

  • CVE-2026-42229HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or…

  • CVE-2026-7489HigMay 2, 2026
    risk 0.57cvss 8.8epss 0.00

    CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

  • CVE-2026-40978HigApr 28, 2026
    risk 0.57cvss 8.8epss 0.00

    SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

  • CVE-2026-41478CriApr 24, 2026
    risk 0.57cvss 9.9epss 0.00

    Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject…

  • CVE-2026-33078CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/config/routes.py. The server_ip parameter, sourced from the URL path, is passed…

  • CVE-2026-29198CriApr 23, 2026
    risk 0.57cvss 9.8epss 0.00

    In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.

  • CVE-2026-40906CriApr 21, 2026
    risk 0.57cvss 9.9epss 0.00

    Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL…

  • CVE-2026-34018CriApr 17, 2026
    risk 0.57cvss 9.8epss 0.00

    An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.

  • CVE-2026-33122CriApr 16, 2026
    risk 0.57cvss 9.8epss 0.00

    DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the…

  • CVE-2026-33082CriApr 16, 2026
    risk 0.57cvss 9.8epss 0.00

    DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and…

  • CVE-2026-39815HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests

  • CVE-2026-40315CriApr 14, 2026
    risk 0.57cvss 9.8epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization.…

  • CVE-2026-34186HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30813HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-23780HigApr 10, 2026
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful…

  • CVE-2026-34185HigApr 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in…

  • CVE-2026-24913HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.

  • CVE-2026-35614CriApr 7, 2026
    risk 0.57cvss 9.8epss 0.00

    Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. This vulnerability is fixed in 16.14.0 and 15.104.0.

  • CVE-2026-23696CriApr 7, 2026
    risk 0.57cvss 9.9epss 0.05

    Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data…