CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
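The mechanism in the description, as an added example (not code from CWE/MITRE or from any project in the CVE list below): the same lookup written with string concatenation and with a bound parameter, run against a small SQLite table constructed here. It also goes one step beyond the description to cover the case that several listed entries fall into (crafted table/column names in phpMyAdmin and medoo, the `limit()` argument in Pixie): identifiers and `LIMIT` counts cannot be bound as parameters in most drivers, so they need an allow-list or a type coercion before they reach the SQL text. The table, rows, column allow-list and payloads are assumptions for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data; the schema is an assumption for this example.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return con


def find_user_vulnerable(con, name):
    # CWE-89 pattern: externally influenced input is spliced into the SQL text,
    # so a quote inside `name` terminates the literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]


def find_user_safe(con, name):
    # Parameterized: the driver binds `name` as a value. Whatever it contains,
    # it can only ever be compared against the column, never change the statement.
    return [row[0] for row in con.execute("SELECT name FROM users WHERE name = ?", (name,))]


# Column names that callers may sort by (an assumption; derive it from the schema in practice).
ALLOWED_SORT_COLUMNS = {"id", "name", "role"}


def list_users_safe(con, sort_by, limit):
    # Identifiers and LIMIT cannot be bound as parameters in sqlite3 (or most drivers),
    # so they must be constrained before being interpolated into the SQL text.
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unexpected sort column: %r" % (sort_by,))
    limit = int(limit)  # "10; DROP TABLE users" or "10 OR 1=1" raises ValueError here
    if not 1 <= limit <= 1000:
        raise ValueError("limit out of range")
    # sort_by is allow-listed, so quoting it as an identifier is safe; limit is bound.
    sql = 'SELECT name FROM users ORDER BY "%s" LIMIT ?' % sort_by
    return [row[0] for row in con.execute(sql, (limit,))]


def sort_request_rejected(con, sort_by, limit):
    # True when the hardened listing refuses the input instead of executing it.
    try:
        list_users_safe(con, sort_by, limit)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    con = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(con, payload))  # every row comes back
    print("safe:      ", find_user_safe(con, payload))        # nobody is named that
    print("sorted:    ", list_users_safe(con, "name", "2"))
    print("rejected:  ", sort_request_rejected(con, 'name"; DROP TABLE users; --', "2"))
```

The boolean-based payload `x' OR '1'='1` is the same shape as the Geocoder and Pixie entries in the table: it never needs a second statement (sqlite3 refuses those anyway), it only needs to widen the `WHERE` clause. The hardened `list_users_safe` shows the two controls that remain when binding is impossible: an allow-list for anything that becomes an identifier, and a typed, range-checked integer for anything that becomes a count.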
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
Page 80 of 512

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15887 | — | High | 0.57 | 8.8 | 0.01 | | Jul 23, 2020 | A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. |
| CVE-2020-15886 | — | High | 0.57 | 8.8 | 0.01 | | Jul 23, 2020 | A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. |
| CVE-2020-7981 | — | Critical | 0.57 | 9.8 | 0.01 | | Jan 25, 2020 | sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. |
| CVE-2020-7939 | — | High | 0.57 | 8.8 | 0.01 | | Jan 23, 2020 | SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.) |
| CVE-2019-18622 | — | Critical | 0.57 | 9.8 | 0.03 | | Nov 22, 2019 | An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. |
| CVE-2019-10766 | — | Critical | 0.57 | 9.8 | 0.01 | | Nov 19, 2019 | Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization. |
| CVE-2010-3662 | — | High | 0.57 | 8.8 | 0.01 | | Nov 4, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. |
| CVE-2019-10762 | — | Critical | 0.57 | 9.8 | 0.01 | | Oct 30, 2019 | columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. |
| CVE-2019-10749 | — | Critical | 0.57 | 9.8 | 0.01 | | Oct 29, 2019 | sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. |
| CVE-2019-10748 | — | Critical | 0.57 | 9.8 | 0.01 | | Oct 29, 2019 | Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. |
| CVE-2015-0270 | — | Critical | 0.57 | 9.8 | 0.01 | | Oct 25, 2019 | Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. |
| CVE-2019-10752 | — | Critical | 0.57 | 9.8 | 0.01 | | Oct 17, 2019 | Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite. |
| CVE-2019-16194 | — | Critical | 0.57 | 9.8 | 0.02 | | Sep 25, 2019 | SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. |
| CVE-2019-10671 | — | High | 0.57 | 8.8 | 0.01 | | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php… |
| CVE-2019-15570 | — | Critical | 0.57 | 9.8 | 0.01 | | Aug 26, 2019 | BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. |
| CVE-2019-15563 | — | Critical | 0.57 | 9.8 | 0.02 | | Aug 26, 2019 | Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. |
| CVE-2019-1010259 | — | Critical | 0.57 | 9.8 | 0.02 | | Jul 18, 2019 | SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is:… |
| CVE-2019-11512 | — | Critical | 0.57 | 9.8 | 0.01 | | Jul 9, 2019 | Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5. |
| CVE-2019-9039 | — | Critical | 0.57 | 9.8 | 0.03 | | Jun 26, 2019 | In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway's public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint.… |
| CVE-2019-11768 | — | Critical | 0.57 | 9.8 | 0.04 | | Jun 5, 2019 | An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. |