
CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) — Vulnerability Class 37

37 vulnerabilities classified as CWE-943 (Improper Neutralization of Special Elements in Data Query Logic). AI Chinese analysis included.

CWE-943 represents a critical software weakness where applications fail to properly sanitize special characters within data query logic, allowing malicious input to alter intended database operations. Attackers typically exploit this vulnerability by injecting crafted strings that break out of the original query structure, enabling unauthorized data access, modification, or deletion through techniques like SQL injection. This occurs when developers directly concatenate user-supplied data into query statements without validation or escaping mechanisms. To prevent such exploits, developers must implement robust input validation and utilize parameterized queries or prepared statements, which separate code from data. By treating all user input as untrusted and ensuring that special elements are correctly neutralized or escaped, organizations can effectively mitigate the risk of logic manipulation and safeguard their data stores from unauthorized interference.

MITRE CWE Description
The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

Depending on the capabilities of the query language, an attacker could inject additional logic into the query to:

- Modify the intended selection criteria, thus changing which data entities (e.g., records) are returned, modified, or otherwise manipulated
- Append additional commands to the query
- Return more entities than intended
- Return fewer entities than intended
- Cause entities to be sorted in an unexpected way

The ability to execute additional commands or change which entities are returned has obvious risks. But when the product logic depends on the order or number of entities, this can also lead to vulnerabilities. For example, if the query expects to return only one entity that specifies an administrative user, but an attacker can change which entities are returned, this could cause the logic to return information for a regular user and incorrectly assume that the user has administrative privileges.

While this weakness is most commonly associated with SQL injection, there are many other query languages that are also subject to injection attacks, including HTSQL, LDAP, DQL, XQuery, XPath, and "NoSQL" languages.
Common Consequences (1)
Scope: Confidentiality, Integrity, Availability, Access Control
Impact: Bypass Protection Mechanism, Read Application Data, Modify Application Data, Varies by Context
Examples (2)
The following code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where owner matches the user name of the currently-authenticated user.

    ...
    string userName = ctx.getAuthenticatedUserName();
    // ItemName.Text is user-controlled and is concatenated into the query unescaped
    string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND itemname = '" + ItemName.Text + "'";
    sda = new SqlDataAdapter(query, conn);
    DataTable dt = new DataTable();
    sda.Fill(dt);
    ...

Bad · C#

The query this code intends to execute:

    SELECT * FROM items WHERE owner = <userName> AND itemname = <itemName>;

Informative

The code below constructs an LDAP query using user input address data:

    context = new InitialDirContext(env);
    // address is user-controlled and is concatenated into the filter without escaping
    String searchFilter = "StreetAddress=" + address;
    NamingEnumeration answer = context.search(searchBase, searchFilter, searchCtls);

Bad · Java
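Both examples above hinge on the same defect: user input is concatenated into query text, so a metacharacter in the input changes the query's structure. The following Python block is an added illustration, not code from the CWE entry or from any listed product; it rebuilds the SQL example on an in-memory SQLite table (constructed sample rows) beside its parameterized form, and adds RFC 4515 escaping for the LDAP filter, with the `items` schema, the `ldap_filter_escape` and `street_address_filter` helper names assumed for the demonstration.

```python
import sqlite3

# Constructed sample data: two owners, so a successful injection shows up
# as a row that belongs to someone other than the authenticated user.
ROWS = [("alice", "lamp"), ("alice", "desk"), ("bob", "safe")]


def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (owner TEXT, itemname TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", ROWS)
    return conn


def search_concat(user_name, item_name):
    # Mirrors the page's C# snippet: the owner check and the user-supplied
    # item name are glued into one SQL string, so a quote in the item name
    # ends the literal and the rest is parsed as query logic.
    query = ("SELECT owner, itemname FROM items WHERE owner = '" + user_name
             + "' AND itemname = '" + item_name + "'")
    return _db().execute(query).fetchall()


def search_param(user_name, item_name):
    # Corrected form: placeholders keep the query text fixed, so the item
    # name is always compared as data and cannot alter the WHERE clause.
    query = "SELECT owner, itemname FROM items WHERE owner = ? AND itemname = ?"
    return _db().execute(query, (user_name, item_name)).fetchall()


# RFC 4515 escaping for the page's Java LDAP snippet: each filter
# metacharacter becomes a backslash plus two hex digits, so the address
# can neither close the StreetAddress= assertion nor open another one.
LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_filter_escape(value):
    return "".join(LDAP_ESCAPES.get(ch, ch) for ch in value)


def street_address_filter(address):
    return "(StreetAddress=" + ldap_filter_escape(address) + ")"


if __name__ == "__main__":
    # The structural break the MITRE text describes: the quote ends the
    # itemname literal and the OR widens the owner restriction to all rows.
    crafted = "lamp' OR 'a'='a"
    print(search_concat("alice", crafted))  # bob's row is returned as well
    print(search_param("alice", crafted))   # []
    print(street_address_filter("1 Main St)(uid=*"))
```

The parameterized query returns nothing for the crafted input because the whole string is compared as an item name; the escaped LDAP filter likewise keeps the injected `)(uid=*` inside the address value.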
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33566 | LogonTracer security vulnerability | LogonTracer | 7.5 (AI) | High (AI) | 2026-04-27 |
| CVE-2026-41327 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field | dgraph | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41328 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field | dgraph | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41274 | Flowise: Cypher Injection in GraphCypherQAChain | Flowise | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-6626 | Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection | Cockpit | 6.3 | Medium | 2026-04-20 |
| CVE-2026-40352 | FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover | FastGPT | 8.8 | High | 2026-04-17 |
| CVE-2026-40351 | FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass | FastGPT | 9.8 | Critical | 2026-04-17 |
| CVE-2026-34973 | phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure | phpMyFAQ | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-33980 | Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries | adx-mcp-server | 8.3 | High | 2026-03-27 |
| CVE-2026-3023 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web | Wakyma application web | 4.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-3022 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web | Wakyma application web | 6.5 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-3021 | Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web | Wakyma application web | 6.5 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-32248 | Parse Server: Account takeover via operator injection in authentication data identifier | parse-server | 7.4 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-32247 | Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters | graphiti | 8.1 | High | 2026-03-12 |
| CVE-2026-29793 | NoSQL Injection via WebSocket id Parameter in MongoDB Adapter | mongodb | 9.4 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-30941 | Parse Server has a NoSQL injection via token type in password reset and email verification endpoints | parse-server | 9.8 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-30833 | Rocket.Chat: NoSQL injection in the EE ddp-streamer-service | Rocket.Chat | 9.8 | - | 2026-03-06 |
| CVE-2026-28211 | Arbitrary code execution in log reader via untrusted log file | NVDA-Dev-Test-Toolbox | 7.8 | High | 2026-02-26 |
| CVE-2026-25591 | New API has an SQL LIKE Wildcard Injection DoS via Token Search | new-api | 6.5 (AI) | Medium (AI) | 2026-02-24 |
| CVE-2025-36353 | IBM Db2 Denial of Service | Db2 for Linux, UNIX and Windows | 6.2 | Medium | 2026-01-30 |
| CVE-2025-36366 | IBM Db2 Denial of Service | Db2 for Linux, UNIX and Windows | 6.5 | Medium | 2026-01-30 |
| CVE-2025-36442 | IBM Db2 Denial of Service | Db2 for Linux, UNIX and Windows | 6.5 | Medium | 2026-01-30 |
| CVE-2026-0504 | Insufficient Input Handling in JNDI Operations of SAP Identity Management | SAP Identity Management | 3.8 | Low | 2026-01-13 |
| CVE-2025-42884 | JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal | 6.5 | Medium | 2025-11-11 |
| CVE-2025-36185 | IBM Db2 denial of service | Db2 | 6.2 | Medium | 2025-11-07 |
| CVE-2025-23292 | NVIDIA Delegated Licensing Service security vulnerability | DLS component of NVIDIA License System | 4.6 | Medium | 2025-09-30 |
| CVE-2025-33114 | IBM Db2 for Linux denial of service | Db2 | 5.3 | Medium | 2025-07-29 |
| CVE-2025-24787 | Parameter injection in DB connection URIs leading to local file inclusion in WhoDB | whodb | 8.6 | High | 2025-02-06 |
| CVE-2021-1481 | Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability | Cisco Catalyst SD-WAN Manager | 4.3 | Medium | 2024-11-15 |
| CVE-2024-4872 | Hitachi Energy MicroSCADA X SYS600 security vulnerability | MicroSCADA X SYS600 | 8.8 | High | 2024-08-27 |

Scores and severities marked (AI) are AI-estimated rather than vendor- or NVD-assigned.

Vulnerabilities classified as CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) represent 37 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.