CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): summary of the 9545 CVE vulnerabilities in this weakness class, with AI-generated Chinese analysis.
CWE-89, SQL injection, is an input-validation weakness. When software fails to adequately sanitize or escape user input and concatenates it directly into an SQL command, an attacker can inject malicious SQL and thereby alter the query logic, bypass authentication, or steal sensitive data. Developers should avoid building commands by string concatenation and instead use parameterized queries or prepared statements, so that user input is treated only as data and never as executable code, which closes the injection path at its root.
The following C# (ADO.NET) fragment shows the weakness: the authenticated user name and the form field `ItemName.Text` are concatenated straight into the SQL text, so any quote characters in the field become part of the command.

```csharp
...
string userName = ctx.getAuthenticatedUserName();
// Vulnerable: ItemName.Text is user-controlled and is spliced into the SQL text verbatim
string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND itemname = '" + ItemName.Text + "'";
sda = new SqlDataAdapter(query, conn);
DataTable dt = new DataTable();
sda.Fill(dt);
...
```

The query the developer intends to run is:

```sql
SELECT * FROM items WHERE owner = <userName> AND itemname = <itemName>;
```

| CVE ID | Title | CVSS | Risk Level | Published |
|---|---|---|---|---|
| CVE-2023-4675 | GM Information Technologies MDO SQL Injection Vulnerability — MDO | 9.8 | Critical | 2023-12-29 |
| CVE-2023-4674 | Yaztek Software Technologies and Computer Systems E-Commerce Software Security Vulnerability — E-Commerce Software | 9.8 | - | 2023-12-29 |
| CVE-2023-4541 | Ween Software Admin Panel SQL Injection Vulnerability — Admin Panel | 9.8 | Critical | 2023-12-29 |
| CVE-2023-44088 | Artica Pandora FMS Security Vulnerability — Pandora FMS | 5.9 | Medium | 2023-12-29 |
| CVE-2023-50837 | WordPress Plugin Login Lockdown SQL Injection Vulnerability — Login Lockdown – Protect Login Form | 7.6 | High | 2023-12-29 |
| CVE-2023-52135 | WordPress Plugin WS Form LITE SQL Injection Vulnerability — WS Form LITE – Drag & Drop Contact Form Builder for WordPress | 7.6 | High | 2023-12-29 |
| CVE-2023-7161 | Netentsec NS-ASG Application Security Gateway SQL Injection Vulnerability — NS-ASG Application Security Gateway | 7.3 | High | 2023-12-29 |
| CVE-2023-7157 | Inventory Management System SQL Injection Vulnerability — Free and Open Source Inventory Management System | 6.3 | Medium | 2023-12-29 |
| CVE-2023-7156 | Online College Library System SQL Injection Vulnerability — Online College Library System | 7.3 | High | 2023-12-29 |
| CVE-2023-7155 | Inventory Management System SQL Injection Vulnerability — Free and Open Source Inventory Management System | 6.3 | Medium | 2023-12-29 |
| CVE-2023-7146 | Sven gopeak masterlab SQL Injection Vulnerability — MasterLab | 6.3 | Medium | 2023-12-29 |
| CVE-2023-7145 | Sven gopeak masterlab SQL Injection Vulnerability — MasterLab | 6.3 | Medium | 2023-12-29 |
| CVE-2023-7144 | Sven gopeak masterlab Security Vulnerability — MasterLab | 6.3 | Medium | 2023-12-29 |
| CVE-2023-7142 | Client Details System SQL Injection Vulnerability — Client Details System | 4.3 | Medium | 2023-12-29 |
| CVE-2023-7141 | Client Details System SQL Injection Vulnerability — Client Details System | 4.3 | Medium | 2023-12-28 |
| CVE-2023-7140 | Client Details System SQL Injection Vulnerability — Client Details System | 4.3 | Medium | 2023-12-28 |
| CVE-2023-7139 | Client Details System SQL Injection Vulnerability — Client Details System | 4.3 | Medium | 2023-12-28 |
| CVE-2023-7138 | Client Details System SQL Injection Vulnerability — Client Details System | 6.3 | Medium | 2023-12-28 |
| CVE-2023-7137 | Client Details System SQL Injection Vulnerability — Client Details System | 6.3 | Medium | 2023-12-28 |
| CVE-2023-50838 | WordPress Plugin NEX-Forms SQL Injection Vulnerability — NEX-Forms – Ultimate Form Builder – Contact forms and much more | 7.6 | High | 2023-12-28 |
| CVE-2023-50839 | WordPress Plugin JS Help Desk SQL Injection Vulnerability — JS Help Desk – Best Help Desk & Support Plugin | 9.3 | Critical | 2023-12-28 |
| CVE-2023-50840 | WordPress Plugin Booking Manager SQL Injection Vulnerability — Booking Manager | 8.5 | High | 2023-12-28 |
| CVE-2023-50841 | WordPress Plugin BookingPress SQL Injection Vulnerability — BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin | 8.5 | High | 2023-12-28 |
| CVE-2023-50842 | WordPress Plugin MF Gig Calendar SQL Injection Vulnerability — MF Gig Calendar | 8.5 | High | 2023-12-28 |
| CVE-2023-50843 | WordPress Plugin Clockwork SMS Notfications SQL Injection Vulnerability — Clockwork SMS Notfications | 7.6 | High | 2023-12-28 |
| CVE-2023-50844 | WordPress Plugin Mail logging SQL Injection Vulnerability — Mail logging – WP Mail Catcher | 7.6 | High | 2023-12-28 |
| CVE-2023-50845 | WordPress Plugin GeoDirectory SQL Injection Vulnerability — GeoDirectory – WordPress Business Directory Plugin, or Classified Directory | 7.6 | High | 2023-12-28 |
| CVE-2023-50846 | WordPress Plugin RegistrationMagic Security Vulnerability — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 7.6 | High | 2023-12-28 |
| CVE-2023-50847 | WordPress Plugin Welcart e-Commerce SQL Injection Vulnerability — Welcart e-Commerce | 7.6 | High | 2023-12-28 |
| CVE-2023-7131 | Intern Membership Management System Security Vulnerability — Intern Membership Management System | 6.3 | Medium | 2023-12-28 |
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) is a common weakness category; this platform has catalogued 9545 CVE vulnerabilities associated with it.
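The concatenation pattern from the C# fragment near the top of this page, placed beside the parameterized form the introduction recommends, as an added Python example (it is not code from this page or from any of the products listed above). It uses an in-memory SQLite table with constructed rows and a constructed tautology input, so it runs offline and shows concretely why the same input yields different results under the two query styles.

```python
import sqlite3

# Constructed sample data (not from the page): one item per owner.
ROWS = [
    ("alice", "wrench"),
    ("bob", "hammer"),
]


def make_db():
    """Build an in-memory SQLite database shaped like the page's `items` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (owner TEXT NOT NULL, itemname TEXT NOT NULL)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", ROWS)
    return conn


def query_vulnerable(conn, user_name, item_name):
    """Mirrors the page's C# snippet: values are concatenated into the SQL text,
    so a quote character inside item_name terminates the literal and whatever
    follows is parsed as SQL rather than as data."""
    query = (
        "SELECT owner, itemname FROM items WHERE owner = '" + user_name
        + "' AND itemname = '" + item_name + "'"
    )
    return conn.execute(query).fetchall()


def query_parameterized(conn, user_name, item_name):
    """Hardened form: the SQL text is fixed at development time and the values
    are bound as parameters, so item_name can only ever be compared as a string."""
    query = "SELECT owner, itemname FROM items WHERE owner = ? AND itemname = ?"
    return conn.execute(query, (user_name, item_name)).fetchall()


def demo():
    """Run both query styles against a benign value and a constructed hostile one.

    Returns a dict of result lists so the difference can be inspected or asserted."""
    conn = make_db()
    benign = "wrench"
    # Constructed hostile input: the embedded quote closes the itemname literal,
    # an always-true condition is appended, and the query's own trailing quote
    # closes the final literal, so the WHERE clause matches every row.
    hostile = "x' OR '1'='1"
    return {
        "vuln_benign": query_vulnerable(conn, "alice", benign),
        "vuln_hostile": query_vulnerable(conn, "alice", hostile),
        "param_benign": query_parameterized(conn, "alice", benign),
        "param_hostile": query_parameterized(conn, "alice", hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Under concatenation the hostile value returns every owner's rows, which is the data-exposure outcome the introduction describes; under the parameterized query the identical value simply fails to match any item name. The fix does not require escaping or filtering the input at all, which is why prepared statements are the recommended remedy for this weakness class.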