VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Abstraction: Base · Status: Stable · Likelihood of exploit: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 79 of 512
  • CVE-2022-34115 · Critical · Jul 22, 2022
    risk 0.57 · cvss 9.8 · epss 0.01

    DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId.

  • CVE-2022-34114 · High · Jul 22, 2022
    risk 0.57 · cvss 8.8 · epss 0.01

    Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

  • CVE-2021-42655 · High · May 24, 2022
    risk 0.57 · cvss 8.8 · epss 0.01

    SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.

  • CVE-2022-30599 · Critical · May 18, 2022
    risk 0.57 · cvss 9.8 · epss 0.01

    A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.

  • CVE-2022-30765 · Critical · May 16, 2022
    risk 0.57 · cvss 9.8 · epss 0.01

    Calibre-Web before 0.6.18 allows user table SQL Injection.

  • CVE-2022-1453 · Critical · May 10, 2022
    risk 0.57 · cvss 9.8 · epss 0.07

    The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive…

  • CVE-2022-28111 · Critical · May 4, 2022
    risk 0.57 · cvss 9.8 · epss 0.02

    MyBatis PageHelper v1.x.x-v3.7.0, v4.0.0-v5.0.0, v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.

  • CVE-2022-28347 · Critical · Apr 12, 2022
    risk 0.57 · cvss 9.8 · epss 0.03

    A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.

  • CVE-2022-24752 · Critical · Mar 15, 2022
    risk 0.57 · cvss 9.8 · epss 0.01

    SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took…

  • CVE-2022-0254 · Critical · Mar 14, 2022
    risk 0.57 · cvss 9.8 · epss 0.02

    The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection.

  • CVE-2022-0362 · Critical · Jan 26, 2022
    risk 0.57 · cvss 9.8 · epss 0.01

    SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.

  • CVE-2021-46089 · Critical · Jan 25, 2022
    risk 0.57 · cvss 9.8 · epss 0.02

    In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.

  • CVE-2022-0224 · Critical · Jan 14, 2022
    risk 0.57 · cvss 9.8 · epss 0.02

    dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.

  • CVE-2021-43608 · Critical · Dec 9, 2021
    risk 0.57 · cvss 9.8 · epss 0.02

    Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not properly cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL…

  • CVE-2021-27644 · High · Nov 1, 2021
    risk 0.57 · cvss 8.8 · epss 0.02

    In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)

  • CVE-2021-41971 · High · Oct 18, 2021
    risk 0.57 · cvss 8.8 · epss 0.02

    Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

  • CVE-2020-21809 · Critical · Jul 30, 2021
    risk 0.57 · cvss 9.8 · epss 0.02

    SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.

  • CVE-2020-18155 · Critical · Jul 14, 2021
    risk 0.57 · cvss 9.8 · epss 0.01

    SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.

  • CVE-2021-29053 · High · May 17, 2021
    risk 0.57 · cvss 8.8 · epss 0.01

    Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2)…

  • CVE-2019-7726 · Critical · Dec 31, 2020
    risk 0.57 · cvss 9.8 · epss 0.02

    modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).