VYPR

CWE-943

Improper Neutralization of Special Elements in Data Query Logic

Class · Incomplete

Description

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-676

CVEs mapped to this weakness (42)

page 3 of 3
  • CVE-2025-24787 · Feb 6, 2025
    risk 0.00 · cvss · epss 0.01

    WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string…

  • CVE-2020-5257 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter…