CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-57660 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via sqlo_expand_jts SQL Statement Handling
CVSS 7.5
CVE-2024-57658 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57657 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via sqlg_vec_upd SQL Statement
CVSS 7.5
CVE-2024-57656 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57653 HIGH
Virtuoso 7.2.11 - Denial of Service via Crafted SQL Statements in qst_vec_set_copy
CVSS 7.5
CVE-2024-57652 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57651 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via jp_add SQL Statement Handling
CVSS 7.5
CVE-2024-57650 HIGH
Virtuoso 7.2.11 - Denial of Service via Crafted SQL Statements in qi_inst_state_free
CVSS 7.5
CVE-2024-57649 HIGH
Virtuoso 7.2.11 - Denial of Service via Crafted SQL Statements in qst_vec_set
CVSS 7.5
CVE-2024-57648 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57647 HIGH
Virtuoso 7.2.11 - Denial of Service via Crafted SQL Statements in row_insert_cast
CVSS 7.5
CVE-2024-57646 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57645 HIGH
openlink virtuoso 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57644 HIGH
openlink virtuoso 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57643 HIGH
Virtuoso 7.2.11 - Denial of Service via Crafted SQL Statements in box_deserialize_string
CVSS 7.5
CVE-2024-57642 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57641 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57640 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via dc_add_int SQL Statement Handling
CVSS 7.5
CVE-2024-57639 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via dc_elt_size SQL Injection
CVSS 7.5
CVE-2024-57638 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57637 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57636 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57635 HIGH
openlink virtuoso-opensource 7.2.11 - Denial of Service via chash_array SQL Statement Handling
CVSS 7.5
CVE-2024-57634 HIGH
MonetDB Server 11.49.1 - Denial of Service via Crafted SQL Statements in exp_copy Component
CVSS 7.5
CVE-2024-57633 HIGH
MonetDB Server 11.49.1 - Denial of Service via Crafted SQL Statements
CVSS 7.5