CWE-943

Improper Neutralization of Special Elements in Data Query Logic

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

27 vulnerabilities with CWE-943
CVE-2026-30833
Rocket.Chat <8.2.0 - NoSQL Injection
CVE-2026-28211 HIGH
NVDA Dev & Test Toolbox 2.0-8.0 - Code Injection
CVSS 7.8
CVE-2026-25591 MEDIUM
New API <0.10.8-alpha.10 - SQL Injection
CVSS 6.5
CVE-2026-25514 HIGH
Facturascripts < 2025.81 - SQL Injection
CVSS 8.8
CVE-2026-25513 HIGH
Facturascripts < 2025.81 - SQL Injection
CVSS 8.8
CVE-2025-36442 MEDIUM
IBM Db2 < 11.5.9 - Denial of Service
CVSS 6.5
CVE-2025-36366 MEDIUM
IBM Db2 < 11.5.9 - Denial of Service
CVSS 6.5
CVE-2025-36353 MEDIUM
IBM Db2 < 11.5.9 - Denial of Service
CVSS 6.2
CVE-2026-0504 LOW
SAP Identity Management - Info Disclosure
CVSS 3.8
CVE-2025-42884 MEDIUM
SAP NetWeaver Enterprise Portal - Info Disclosure
CVSS 6.5
CVE-2025-36185 MEDIUM
IBM Db2 < 12.1.2 - Denial of Service
CVSS 6.2
CVE-2025-23292 MEDIUM
NVIDIA Delegated Licensing Service - SQL Injection
CVSS 4.6
CVE-2025-33114 MEDIUM
IBM Db2 for Linux <12.1.2 - DoS
CVSS 5.3
CVE-2025-24787 HIGH
WhoDB - Info Disclosure
CVSS 8.6
CVE-2021-1481 MEDIUM
Cisco SD-WAN vManage Software - SQL Injection
CVSS 4.3
CVE-2024-4872 CRITICAL
MicroSCADA Pro/X SYS600 - Code Injection
CVSS 9.9
CVE-2024-35136 MEDIUM
IBM Db2 < 10.5.11 - Denial of Service
CVSS 5.3
CVE-2024-31882 MEDIUM
IBM Db2 <11.1,11.5 - DoS
CVSS 5.3
CVE-2024-28192 MEDIUM
Yooooomi Your Spotify < 1.8.0 - SQL Injection
CVSS 5.3
CVE-2022-36084 CRITICAL
cruddl <2.7.0-3.0.2 - Code Injection
CVSS 9.9
CVE-2021-34712 MEDIUM
Cisco SD-WAN vManage Software - SQL Injection
CVSS 5.4
CVE-2020-36195 CRITICAL
Qnap Qts < 4.3.3 - SQL Injection
CVSS 9.8
CVE-2021-1349 MEDIUM
Cisco SD-WAN vManage Software - SQL Injection
CVSS 6.5
CVE-2018-19952 HIGH
Qnap Music Station < 5.3.11 - Basic XSS
CVSS 7.5
CVE-2020-5257 HIGH
Thoughtbot Administrate < 0.13.0 - SQL Injection
CVSS 7.7