CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): summary of the 9545 CVE vulnerabilities in this weakness class, with AI-generated Chinese analysis.
CWE-89, SQL injection, is an input-validation weakness. When software does not adequately sanitize or escape user input and concatenates it directly into an SQL command, an attacker can inject malicious SQL that alters the query logic, bypasses authentication, or steals sensitive data. Developers should avoid direct string concatenation and instead use parameterized queries or prepared statements, so that user input is treated only as data and never as executable code, which closes the injection path at its root.
Example of the weakness (the code shown on this page; the string concatenation is what makes the query injectable):

```csharp
...
string userName = ctx.getAuthenticatedUserName();
// User-controlled input (ItemName.Text) is concatenated straight into the SQL text
string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND itemname = '" + ItemName.Text + "'";
sda = new SqlDataAdapter(query, conn);
DataTable dt = new DataTable();
sda.Fill(dt);
...
```

The query this code intends to execute is:

```sql
SELECT * FROM items WHERE owner = <userName> AND itemname = <itemName>;
```

| CVE ID | Title | CVSS | Risk Level | Published |
|---|---|---|---|---|
| CVE-2023-47530 | WordPress Plugin Redirect 404 Error Page to Homepage or Custom Page with Logs SQL Injection Vulnerability — Redirect 404 Error Page to Homepage or Custom Page with Logs | 7.6 | High | 2023-12-18 |
| CVE-2023-47558 | WordPress Plugin Who Hit The Page SQL Injection Vulnerability — Who Hit The Page – Hit Counter | 7.6 | High | 2023-12-18 |
| CVE-2023-33331 | WordPress Plugin Product Vendors SQL Injection Vulnerability — Product Vendors | 8.5 | High | 2023-12-18 |
| CVE-2023-34168 | WordPress Plugin WP Report Post SQL Injection Vulnerability — WP Report Post | 7.6 | High | 2023-12-18 |
| CVE-2023-6903 | Netcon NS-ASG SQL Injection Vulnerability — NS-ASG Application Security Gateway | 7.3 | High | 2023-12-17 |
| CVE-2023-6898 | Best Courier Management System SQL Injection Vulnerability — Best Courier Management System | 5.5 | Medium | 2023-12-17 |
| CVE-2023-6885 | Tongda2000 SQL Injection Vulnerability — OA 2017 | 5.5 | Medium | 2023-12-16 |
| CVE-2023-30867 | Apache StreamPark SQL Injection Vulnerability — Apache StreamPark (incubating) | 6.5 | - | 2023-12-15 |
| CVE-2023-48395 | WebITR SQL Injection Vulnerability — WebITR | 6.5 | Medium | 2023-12-15 |
| CVE-2023-48384 | ArmorX Spam SQL Injection Vulnerability — ArmorX Spam | 9.8 | Critical | 2023-12-15 |
| CVE-2023-48372 | ITPison OMICARD EDM SQL Injection Vulnerability — OMICARD EDM's SMS | 9.8 | Critical | 2023-12-15 |
| CVE-2023-44284 | Dell PowerProtect Data Domain Security Vulnerability — PowerProtect DD | 4.3 | Medium | 2023-12-14 |
| CVE-2023-40629 | Joomla Security Vulnerability — LMS Lite component for Joomla | 9.8 (AI) | Critical (AI) | 2023-12-14 |
| CVE-2023-49708 | Joomla Security Vulnerability — Starshop component for Joomla | 9.8 (AI) | Critical (AI) | 2023-12-14 |
| CVE-2023-49707 | Joomla Security Vulnerability — S5 Register module for Joomla | 9.8 (AI) | Critical (AI) | 2023-12-14 |
| CVE-2023-6772 | OTCMS SQL Injection Vulnerability — OTCMS | 4.7 | Medium | 2023-12-13 |
| CVE-2023-6771 | Simple Student Attendance System SQL Injection Vulnerability — Simple Student Attendance System | 5.5 | Medium | 2023-12-13 |
| CVE-2023-46727 | GLPI SQL Injection Vulnerability — glpi | 8.6 | High | 2023-12-13 |
| CVE-2023-43813 | GLPI SQL Injection Vulnerability — glpi | 6.5 | Medium | 2023-12-13 |
| CVE-2023-6765 | Online Tours & Travels Management System SQL Injection Vulnerability — Online Tours & Travels Management System | 5.5 | Medium | 2023-12-13 |
| CVE-2023-6755 | DedeBIZ SQL Injection Vulnerability — DedeBIZ | 4.7 | Medium | 2023-12-13 |
| CVE-2023-45800 | Hanbiro Security Vulnerability — Hanbiro groupware | 7.5 | High | 2023-12-13 |
| CVE-2023-49581 | SAP GUI Information Disclosure Vulnerability — SAP NetWeaver Application Server ABAP and ABAP Platform | 4.1 | Medium | 2023-12-12 |
| CVE-2023-6659 | Web-Based Student Clearance System SQL Injection Vulnerability — Web-Based Student Clearance System | 6.3 | Medium | 2023-12-11 |
| CVE-2023-6658 | SourceCodester Simple Student Attendance System SQL Injection Vulnerability — Simple Student Attendance System | 5.5 | Medium | 2023-12-10 |
| CVE-2023-6657 | SourceCodester Simple Student Attendance System SQL Injection Vulnerability — Simple Student Attendance System | 5.5 | Medium | 2023-12-10 |
| CVE-2023-6655 | Hongjing e-HR SQL Injection Vulnerability — e-HR | 7.3 | High | 2023-12-10 |
| CVE-2023-6652 | Matrimonial Site SQL Injection Vulnerability — Matrimonial Site | 7.3 | High | 2023-12-10 |
| CVE-2023-6651 | Matrimonial Site SQL Injection Vulnerability — Matrimonial Site | 7.3 | High | 2023-12-10 |
| CVE-2023-6648 | Nipah Virus Testing Management System SQL Injection Vulnerability — Nipah Virus Testing Management System | 7.3 | High | 2023-12-10 |
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) is a common weakness class; this platform has collected 9545 CVE vulnerabilities associated with it.