CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,402 vulnerabilities with CWE-89
CVE-2026-40844 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in Dashboard View
CVSS 6.5
CVE-2026-40843 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in Alarming View
CVSS 6.5
CVE-2026-40842 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in getWidgetTags Function
CVSS 6.5
CVE-2026-40841 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in getProjectTags Function
CVSS 6.5
CVE-2026-40840 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in VerifyCreateLicences Function
CVSS 6.5
CVE-2026-40839 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in getComponentScalings Function
CVSS 6.5
CVE-2026-40838 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in getDeviceScalings Function
CVSS 6.5
CVE-2026-40837 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in getProjectScalings Function
CVSS 6.5
CVE-2026-40836 HIGH
MB connect line mbCONNECT24 - Authenticated SQLI in Inmessage Model
CVSS 7.1
CVE-2026-40835 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in saveObjectFromData Function
CVSS 6.5
CVE-2026-40834 HIGH
MB connect line mbCONNECT24 - Authenticated SQLI in saveDashboardLayout Function
CVSS 7.1
CVE-2026-40833 HIGH
MB connect line mbCONNECT24 - Authenticated SQLI in saveDashboardLayout Function
CVSS 7.1
CVE-2026-40832 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in getDevicegroups Function
CVSS 6.5
CVE-2026-40831 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in Easy View
CVSS 6.5
CVE-2026-40830 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in UpdateParam Function
CVSS 5.5
CVE-2026-40829 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in UpdateParam Function
CVSS 5.5
CVE-2026-40828 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in DeleteSysLogEntry Function
CVSS 5.5
CVE-2026-40827 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in _RemoveRequest Function
CVSS 5.5
CVE-2026-7618 MEDIUM
EnvíaloSimple: Email Marketing y Newsletters <= 2.4.5 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter
CVSS 4.9
CVE-2026-40826 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in dsgvo_contracts View
CVSS 4.9
CVE-2026-40825 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in Accountstatus View
CVSS 5.5
CVE-2026-40824 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in Accountstatus View
CVSS 5.5
CVE-2026-40823 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in DevSerialReset Function
CVSS 5.5
CVE-2026-40822 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in DevSerialReset Function
CVSS 4.9
CVE-2026-40821 MEDIUM
MB connect line mbCONNECT24 - Authenticated SQLI in getAccountByID Function
CVSS 4.9