CWE-943

Improper Neutralization of Special Elements in Data Query Logic

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

56 vulnerabilities with CWE-943
CVE-2021-1349 MEDIUM
Cisco SD-WAN vManage Software - SQL Injection
CVSS 6.5
CVE-2020-36195 CRITICAL
QNAP QTS - SQL Injection via Multimedia Console or Media Streaming Add-on
CVSS 9.8
CVE-2020-5257 HIGH
Administrate < 0.13.0 - SQL Injection via Direction Parameter
CVSS 7.7
CVE-2018-19952 HIGH
QNAP Music Station < 5.3.11 - SQL Injection
CVSS 7.5
CVE-2018-7829 HIGH
Pelco Sarix Enhanced Camera/Spectra Enhanced PTZ Camera - Code Inje...
CVSS 8.8
CVE-2017-12904 HIGH
Newsbeuter 0.7-2.9 - Remote Code Execution via RSS Item Title or URL
CVSS 8.8
Details
Vulnerabilities 56
Links
MITRE CWE Entry Search this CWE With Exploits