CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 79 of 512

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-34115 | | Cri | 0.57 | 9.8 | 0.01 | | Jul 22, 2022 | DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId. |
| CVE-2022-34114 | | Hig | 0.57 | 8.8 | 0.01 | | Jul 22, 2022 | Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. |
| CVE-2021-42655 | | Hig | 0.57 | 8.8 | 0.01 | | May 24, 2022 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. |
| CVE-2022-30599 | | Cri | 0.57 | 9.8 | 0.01 | | May 18, 2022 | A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. |
| CVE-2022-30765 | — | Cri | 0.57 | 9.8 | 0.01 | | May 16, 2022 | Calibre-Web before 0.6.18 allows user table SQL Injection. |
| CVE-2022-1453 | | Cri | 0.57 | 9.8 | 0.07 | | May 10, 2022 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive… |
| CVE-2022-28111 | — | Cri | 0.57 | 9.8 | 0.02 | | May 4, 2022 | MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. |
| CVE-2022-28347 | | Cri | 0.57 | 9.8 | 0.03 | | Apr 12, 2022 | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. |
| CVE-2022-24752 | | Cri | 0.57 | 9.8 | 0.01 | | Mar 15, 2022 | SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took… |
| CVE-2022-0254 | | Cri | 0.57 | 9.8 | 0.02 | | Mar 14, 2022 | The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection. |
| CVE-2022-0362 | — | Cri | 0.57 | 9.8 | 0.01 | | Jan 26, 2022 | SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. |
| CVE-2021-46089 | | Cri | 0.57 | 9.8 | 0.02 | | Jan 25, 2022 | In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. |
| CVE-2022-0224 | | Cri | 0.57 | 9.8 | 0.02 | | Jan 14, 2022 | dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command. |
| CVE-2021-43608 | — | Cri | 0.57 | 9.8 | 0.02 | | Dec 9, 2021 | Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL… |
| CVE-2021-27644 | | Hig | 0.57 | 8.8 | 0.02 | | Nov 1, 2021 | In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password) |
| CVE-2021-41971 | | Hig | 0.57 | 8.8 | 0.02 | | Oct 18, 2021 | Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL. |
| CVE-2020-21809 | — | Cri | 0.57 | 9.8 | 0.02 | | Jul 30, 2021 | SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. |
| CVE-2020-18155 | — | Cri | 0.57 | 9.8 | 0.01 | | Jul 14, 2021 | SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. |
| CVE-2021-29053 | — | Hig | 0.57 | 8.8 | 0.01 | | May 17, 2021 | Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2)… |
| CVE-2019-7726 | — | Cri | 0.57 | 9.8 | 0.02 | | Dec 31, 2020 | modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). |