CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): summary of 9625 CVE vulnerabilities in this weakness class, with AI-generated Chinese analysis.
CWE-89 is SQL injection, an input-validation class of weakness. When software does not adequately sanitize or escape user input and concatenates it directly into an SQL command, an attacker can inject SQL of their own, altering the query logic, bypassing authentication, or stealing sensitive data. Developers should avoid string concatenation and instead use parameterized queries or prepared statements, so that user input is treated only as data and never as executable code, which closes the injection path at its root.
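As an added example (not code from this page or from the CWE entry), the following Python script rebuilds the `items` lookup from the CWE-89 C# snippet with sqlite3 and places the concatenated query beside its parameterized form. The table contents, the user names and the item names are constructed for the demonstration. It shows the two symptoms a defender looks for: the concatenated query cannot even handle a legitimate apostrophe in data (the same parsing behaviour an attacker relies on), while the parameterized query returns exactly the caller's own rows and treats any quote characters as plain data.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory 'items' table as in the CWE-89 example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (owner TEXT, itemname TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [
            ("alice", "laptop"),
            ("alice", "O'Reilly book"),  # legitimate data containing an apostrophe
            ("bob", "laptop"),
        ],
    )
    conn.commit()
    return conn


def build_query_concat(user_name, item_name):
    """Mirror of the vulnerable C# pattern: inputs are pasted into the SQL text."""
    return (
        "SELECT * FROM items WHERE owner = '" + user_name
        + "' AND itemname = '" + item_name + "'"
    )


def lookup_concat(conn, user_name, item_name):
    """Vulnerable lookup (CWE-89): the input becomes part of the SQL grammar."""
    return conn.execute(build_query_concat(user_name, item_name)).fetchall()


def lookup_param(conn, user_name, item_name):
    """Hardened lookup: placeholders keep the SQL fixed, inputs are bound as values."""
    return conn.execute(
        "SELECT * FROM items WHERE owner = ? AND itemname = ?",
        (user_name, item_name),
    ).fetchall()


def concat_breaks_on_apostrophe(conn):
    """True if the concatenated query fails on a legitimate apostrophe in the data.

    The apostrophe closes the string literal early, so the database parses the
    rest of the input as SQL. A syntax error on ordinary data is the tell-tale
    sign that the query text is being assembled from untrusted input.
    """
    try:
        lookup_concat(conn, "alice", "O'Reilly book")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("concatenated query:", build_query_concat("alice", "O'Reilly book"))
    print("concat fails on apostrophe:", concat_breaks_on_apostrophe(db))
    print("parameterized result:", lookup_param(db, "alice", "O'Reilly book"))
    # A stray quote in the input is just data for the bound query: no rows, no error.
    print("quote as data:", lookup_param(db, "alice", "laptop'"))
```

The design point is that `lookup_param` never changes the SQL text between calls; only the bound values differ, so the database can never mistake input for a clause. Any code path that still calls something like `build_query_concat` is the one to flag in review.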
The CWE-89 demonstrative example (C#): the authenticated user name and the item name typed into the form are pasted directly into the SQL text.

```csharp
...
string userName = ctx.getAuthenticatedUserName();
// ItemName.Text is user-controlled and is concatenated into the SQL string (the CWE-89 defect)
string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND itemname = '" + ItemName.Text + "'";
sda = new SqlDataAdapter(query, conn);
DataTable dt = new DataTable();
sda.Fill(dt);
...
```

The query the developer intends to run is:

SELECT * FROM items WHERE owner = <userName> AND itemname = <itemName>;

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2024-2670 | Campcodes Online Job Finder System SQL injection vulnerability — Online Job Finder System | 6.3 | Medium | 2024-03-20 |
| CVE-2024-1799 | WordPress Plugin GamiPress security vulnerability — GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | 8.8 | High | 2024-03-20 |
| CVE-2024-2669 | Campcodes Online Job Finder System SQL injection vulnerability — Online Job Finder System | 6.3 | Medium | 2024-03-20 |
| CVE-2024-2668 | Campcodes Online Job Finder System security vulnerability — Online Job Finder System | 6.3 | Medium | 2024-03-20 |
| CVE-2024-2387 | WordPress Plugin Advanced Form Integration security vulnerability — AFI – The Easiest Integration Plugin | 6.1 | Medium | 2024-03-20 |
| CVE-2024-2649 | Netentsec NS-ASG Application Security Gateway SQL injection vulnerability — NS-ASG Application Security Gateway | 6.3 | Medium | 2024-03-19 |
| CVE-2024-2647 | Netentsec NS-ASG Application Security Gateway SQL injection vulnerability — NS-ASG Application Security Gateway | 7.3 | High | 2024-03-19 |
| CVE-2024-2646 | Netentsec NS-ASG Application Security Gateway SQL injection vulnerability — NS-ASG Application Security Gateway | 6.3 | Medium | 2024-03-19 |
| CVE-2024-2644 | Netentsec NS-ASG Application Security Gateway SQL injection vulnerability — NS-ASG Application Security Gateway | 6.3 | Medium | 2024-03-19 |
| CVE-2023-44091 | Artica Pandora FMS SQL injection vulnerability — Pandora FMS | 7.5 | High | 2024-03-19 |
| CVE-2023-44090 | Artica Pandora FMS SQL injection vulnerability — Pandora FMS | 6.8 | Medium | 2024-03-19 |
| CVE-2024-2622 | Fujian Kelixin Command and Dispatch Platform SQL injection vulnerability — Command and Dispatch Platform | 6.3 | Medium | 2024-03-19 |
| CVE-2024-2621 | Fujian Kelixin Command and Dispatch Platform SQL injection vulnerability — Command and Dispatch Platform | 6.3 | Medium | 2024-03-19 |
| CVE-2024-2620 | Fujian Kelixin Command and Dispatch Platform SQL injection vulnerability — Command and Dispatch Platform | 6.3 | Medium | 2024-03-19 |
| CVE-2024-27096 | GLPI security vulnerability — glpi | 7.7 | High | 2024-03-18 |
| CVE-2024-2592 | AMSS++ SQL injection vulnerability — AMSS++ | 8.2 | High | 2024-03-18 |
| CVE-2024-2591 | AMSS++ security vulnerability — AMSS++ | 8.2 | High | 2024-03-18 |
| CVE-2024-2590 | AMSS++ SQL injection vulnerability — AMSS++ | 8.2 | High | 2024-03-18 |
| CVE-2024-2589 | AMSS++ SQL injection vulnerability — AMSS++ | 8.2 | High | 2024-03-18 |
| CVE-2024-2588 | AMSS++ SQL injection vulnerability — AMSS++ | 8.2 | High | 2024-03-18 |
| CVE-2024-2587 | AMSS++ SQL injection vulnerability — AMSS++ | 8.2 | High | 2024-03-18 |
| CVE-2024-2586 | AMSS++ SQL injection vulnerability — AMSS++ | 8.2 | High | 2024-03-18 |
| CVE-2024-2585 | AMSS++ SQL injection vulnerability — AMSS++ | 8.2 | High | 2024-03-18 |
| CVE-2024-2584 | AMSS++ SQL injection vulnerability — AMSS++ | 8.2 | High | 2024-03-18 |
| CVE-2024-2568 | JFinalCMS SQL injection vulnerability — JFinalCMS | 4.7 | Medium | 2024-03-17 |
| CVE-2024-2566 | Fujian Kelixin Command and Dispatch Platform SQL injection vulnerability — Command and Dispatch Platform | 7.3 | High | 2024-03-17 |
| CVE-2024-2562 | PandaX SQL injection vulnerability — PandaX | 6.3 | Medium | 2024-03-17 |
| CVE-2024-2556 | Employee Task Management System SQL injection vulnerability — Employee Task Management System | 6.3 | Medium | 2024-03-17 |
| CVE-2024-2555 | Employee Task Management System SQL injection vulnerability — Employee Task Management System | 6.3 | Medium | 2024-03-17 |
| CVE-2024-2554 | Employee Task Management System SQL injection vulnerability — Employee Task Management System | 6.3 | Medium | 2024-03-17 |
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) is a common weakness class; this platform has collected 9625 CVE vulnerabilities associated with it.