CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') weakness class: summary of 9545 CVE vulnerabilities, with AI-generated Chinese analysis.
CWE-89, SQL injection, belongs to the input-validation class of weaknesses. When software does not adequately sanitize or escape user input and concatenates it directly into an SQL command, an attacker can inject malicious SQL code, altering the query logic, bypassing authentication, or stealing sensitive data. Developers should avoid direct string concatenation and instead use parameterized queries or prepared statements, so that user input is treated only as data and never as executable code, which blocks the injection path at its root.
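The paragraph above recommends parameterized queries over string concatenation. The following is an added example, not code from the page or from the CWE entry: the same "items by owner and item name" lookup is written both ways against an in-memory SQLite table (the table, its columns and its rows are constructed for this demo). A legitimate item name that happens to contain a quote is enough to show the difference: the concatenated version lets the quote change the SQL syntax, while the parameterized version returns the matching row because the input never becomes part of the command text.

```python
"""Added example (not from the page or the CWE entry): the same item lookup
built two ways, showing why the page recommends parameterized queries.
Table name, columns and rows are constructed for this demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a constructed `items` table with a few rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (owner TEXT, itemname TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [("alice", "laptop"), ("alice", "O'Reilly book"), ("bob", "laptop")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn: sqlite3.Connection, owner: str, itemname: str) -> list:
    """Vulnerable pattern (CWE-89): user text becomes part of the SQL command."""
    query = ("SELECT owner, itemname FROM items WHERE owner = '" + owner
             + "' AND itemname = '" + itemname + "'")
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, owner: str, itemname: str) -> list:
    """Fixed pattern: the SQL text is constant; values are bound as data."""
    query = "SELECT owner, itemname FROM items WHERE owner = ? AND itemname = ?"
    return conn.execute(query, (owner, itemname)).fetchall()


def compare(owner: str, itemname: str) -> dict:
    """Run both lookups on the same input and report what each one did."""
    conn = make_db()
    result = {"parameterized": lookup_parameterized(conn, owner, itemname)}
    try:
        result["concatenated"] = lookup_concatenated(conn, owner, itemname)
    except sqlite3.Error as exc:
        # The quote in the input altered the statement's syntax: the input
        # was parsed as SQL code, which is exactly the CWE-89 condition.
        result["concatenated"] = f"error: {exc}"
    conn.close()
    return result


if __name__ == "__main__":
    # Plain input: both variants return the same row.
    print(compare("alice", "laptop"))
    # Legitimate input containing a quote: concatenation breaks the statement,
    # the parameterized query still returns the matching row.
    print(compare("alice", "O'Reilly book"))
```

The check worth keeping from this: if a query's text changes depending on what the user typed, the input is reaching the SQL parser. With placeholders the statement text is the same for every request, so the database driver never has to guess where data ends and code begins.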
Example of vulnerable code (C#): the query is built by string concatenation, so `ItemName.Text` is treated as part of the SQL command rather than as data.

```csharp
...
// The owner comes from the authenticated session; the item name is raw user input.
string userName = ctx.getAuthenticatedUserName();
// Vulnerable: user-controlled text is concatenated directly into the SQL statement.
string query = "SELECT * FROM items WHERE owner = '" + userName
             + "' AND itemname = '" + ItemName.Text + "'";
SqlDataAdapter sda = new SqlDataAdapter(query, conn);
DataTable dt = new DataTable();
sda.Fill(dt);
...
```

The query the developer intended to run is:

```sql
SELECT * FROM items WHERE owner = <userName> AND itemname = <itemName>;
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6095 | Jasmin The Ransomware injection vulnerability — Jasmin Ransomware | 7.3 | High | 2025-06-15 |
| CVE-2025-6094 | FoxCMS injection vulnerability — FoxCMS | 6.3 | Medium | 2025-06-15 |
| CVE-2025-5487 | WordPress plugin AutomatorWP SQL injection vulnerability — AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | 7.2 | High | 2025-06-14 |
| CVE-2025-49468 | No Boss Calendar SQL injection vulnerability — No Boss Calendar component for Joomla | 8.8 (AI) | High (AI) | 2025-06-13 |
| CVE-2025-41233 | VMware AVI Load Balancer security vulnerability — Avi Load Balancer | 6.8 | Medium | 2025-06-12 |
| CVE-2025-49467 | GWE JEvents SQL injection vulnerability — JEvents component for Joomla | 9.1 (AI) | Critical (AI) | 2025-06-12 |
| CVE-2024-56158 | XWiki Platform injection vulnerability — xwiki-platform | 9.8 (AI) | Critical (AI) | 2025-06-12 |
| CVE-2025-6009 | like-girl security vulnerability — like-girl | 4.7 | Medium | 2025-06-12 |
| CVE-2025-6008 | like-girl security vulnerability — like-girl | 4.7 | Medium | 2025-06-12 |
| CVE-2025-6007 | like-girl security vulnerability — like-girl | 4.7 | Medium | 2025-06-12 |
| CVE-2025-6006 | like-girl security vulnerability — like-girl | 4.7 | Medium | 2025-06-12 |
| CVE-2025-6005 | like-girl security vulnerability — like-girl | 4.7 | Medium | 2025-06-12 |
| CVE-2025-32466 | RSJoomla! RSMediaGallery! SQL injection vulnerability — RSMediaGallery component for Joomla | 7.6 (AI) | High (AI) | 2025-06-11 |
| CVE-2025-5980 | Code-Projects Restaurant Order System injection vulnerability — Restaurant Order System | 7.3 | High | 2025-06-10 |
| CVE-2025-5979 | Code-Projects School Fees Payment System injection vulnerability — School Fees Payment System | 7.3 | High | 2025-06-10 |
| CVE-2025-5977 | Code-Projects School Fees Payment System injection vulnerability — School Fees Payment System | 7.3 | High | 2025-06-10 |
| CVE-2025-5971 | Code-Projects School Fees Payment System security vulnerability — School Fees Payment System | 6.3 | Medium | 2025-06-10 |
| CVE-2025-47172 | Microsoft Office SharePoint Server SQL injection vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.8 | High | 2025-06-10 |
| CVE-2025-49455 | WordPress plugin TinySalt code issue vulnerability — WordPress-WPJobBoard | 9.3 | Critical | 2025-06-10 |
| CVE-2025-40657 | Dmacroweb DM Corporative CMS SQL injection vulnerability — DM Corporative CMS | 9.8 (AI) | Critical (AI) | 2025-06-10 |
| CVE-2025-40656 | Dmacroweb DM Corporative CMS SQL injection vulnerability — DM Corporative CMS | 9.8 (AI) | Critical (AI) | 2025-06-10 |
| CVE-2025-40655 | Dmacroweb DM Corporative CMS SQL injection vulnerability — DM Corporative CMS | 9.8 (AI) | Critical (AI) | 2025-06-10 |
| CVE-2025-40654 | DM Corporative CMS SQL injection vulnerability — DM Corporative CMS | 9.8 (AI) | Critical (AI) | 2025-06-10 |
| CVE-2025-5913 | PHPGurukul Vehicle Record Management System security vulnerability — Vehicle Record Management System | 7.3 | High | 2025-06-10 |
| CVE-2025-30507 | CyberData 011209 Intercom SQL injection vulnerability — 011209 SIP Emergency Intercom | 5.3 | Medium | 2025-06-09 |
| CVE-2025-24767 | WordPress plugin TicketBAI Facturas para WooCommerce SQL injection vulnerability — TicketBAI Facturas para WooCommerce | 9.3 | Critical | 2025-06-09 |
| CVE-2025-31059 | WordPress plugin WBW Product Table PRO SQL injection vulnerability — WBW Product Table PRO | 9.3 | Critical | 2025-06-09 |
| CVE-2025-31424 | WordPress plugin WP Lead Capturing Pages SQL injection vulnerability — WP Lead Capturing Pages | 9.3 | Critical | 2025-06-09 |
| CVE-2025-31920 | WordPress plugin WP Guppy SQL injection vulnerability — WP Guppy | 8.5 | High | 2025-06-09 |
| CVE-2025-47608 | WordPress plugin Recover abandoned cart for WooCommerce SQL injection vulnerability — Recover abandoned cart for WooCommerce | 9.3 | Critical | 2025-06-09 |
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) is a common weakness class; this platform has collected 9545 CVE vulnerabilities associated with it. Scores and severities marked "(AI)" are AI-estimated rather than vendor- or NVD-assigned.