CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) — Vulnerability Class 37

37 vulnerabilities classified as CWE-943 (Improper Neutralization of Special Elements in Data Query Logic). AI Chinese analysis included.

CWE-943 represents a critical software weakness where applications fail to properly sanitize special characters within data query logic, allowing malicious input to alter intended database operations. Attackers typically exploit this vulnerability by injecting crafted strings that break out of the original query structure, enabling unauthorized data access, modification, or deletion through techniques like SQL injection. This occurs when developers directly concatenate user-supplied data into query statements without validation or escaping mechanisms. To prevent such exploits, developers must implement robust input validation and utilize parameterized queries or prepared statements, which separate code from data. By treating all user input as untrusted and ensuring that special elements are correctly neutralized or escaped, organizations can effectively mitigate the risk of logic manipulation and safeguard their data stores from unauthorized interference.

MITRE CWE Description
The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

Depending on the capabilities of the query language, an attacker could inject additional logic into the query to:

- Modify the intended selection criteria, thus changing which data entities (e.g., records) are returned, modified, or otherwise manipulated
- Append additional commands to the query
- Return more entities than intended
- Return fewer entities than intended
- Cause entities to be sorted in an unexpected way

The ability to execute additional commands or change which entities are returned has obvious risks. But when the product logic depends on the order or number of entities, this can also lead to vulnerabilities. For example, if the query expects to return only one entity that specifies an administrative user, but an attacker can change which entities are returned, this could cause the logic to return information for a regular user and incorrectly assume that the user has administrative privileges.

While this weakness is most commonly associated with SQL injection, there are many other query languages that are also subject to injection attacks, including HTSQL, LDAP, DQL, XQuery, XPath, and "NoSQL" languages.

Common Consequences (1)
Scope: Confidentiality, Integrity, Availability, Access Control
Impact: Bypass Protection Mechanism, Read Application Data, Modify Application Data, Varies by Context

Examples (2)
The following code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where owner matches the user name of the currently-authenticated user.

Bad · C#

    ...
    string userName = ctx.getAuthenticatedUserName();
    string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND itemname = '" + ItemName.Text + "'";
    sda = new SqlDataAdapter(query, conn);
    DataTable dt = new DataTable();
    sda.Fill(dt);
    ...

Informative (the query this code intends to execute)

    SELECT * FROM items WHERE owner = <userName> AND itemname = <itemName>;

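The concatenated query above compared with a parameterized one, as an added Python/sqlite3 example that is not from the original page or from MITRE. The table contents, function names and crafted input are constructed for illustration, and the ORDER BY allow-list goes beyond the page's example to cover the sort-order case named in the description.

```python
import sqlite3

# Constructed sample data: two owners, three items.
ROWS = [("alice", "lamp", 30), ("alice", "desk", 120), ("bob", "safe", 900)]
# Allow-list for ORDER BY: placeholders cannot bind identifiers.
SORTABLE = {"itemname", "price"}
# Constructed input with a quote and an extra boolean clause.
CRAFTED = "lamp' OR 'a'='a"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (owner TEXT, itemname TEXT, price INTEGER)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", ROWS)
    return conn

def search_concat(conn, user_name, item_name):
    # Same shape as the C# example: input becomes part of the SQL text.
    query = ("SELECT owner, itemname FROM items WHERE owner = '" + user_name
             + "' AND itemname = '" + item_name + "'")
    return conn.execute(query).fetchall()

def search_bound(conn, user_name, item_name, sort_by="itemname"):
    # Values travel as bound parameters; the sort column comes from the allow-list.
    if sort_by not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % sort_by)
    query = ("SELECT owner, itemname FROM items WHERE owner = ? AND itemname = ? "
             "ORDER BY " + sort_by)
    return conn.execute(query, (user_name, item_name)).fetchall()

def demo():
    conn = make_db()
    return {
        "concat_normal": search_concat(conn, "alice", "lamp"),
        "concat_crafted": search_concat(conn, "alice", CRAFTED),
        "bound_normal": search_bound(conn, "alice", "lamp"),
        "bound_crafted": search_bound(conn, "alice", CRAFTED),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, len(rows), rows)
```

With concatenation the crafted value changes the selection criteria and rows owned by another user come back; with bound parameters the same value is compared as a literal item name and matches nothing.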
The code below constructs an LDAP query using user input address data:

Bad · Java

    context = new InitialDirContext(env);
    String searchFilter = "StreetAddress=" + address;
    NamingEnumeration answer = context.search(searchBase, searchFilter, searchCtls);

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-31882 | IBM Db2 denial of service — Db2 for Linux, UNIX and Windows | 5.3 | Medium | 2024-08-14 |
| CVE-2024-35136 | IBM Db2 denial of service — Db2 for Linux, UNIX and Windows | 5.3 | Medium | 2024-08-14 |
| CVE-2024-28192 | NoSQL Injection Leading to Authentication Bypass in your_spotify — your_spotify | 5.3 | Medium | 2024-03-13 |
| CVE-2022-36084 | cruddl vulnerable to AQL injection through flexSearch — cruddl | 9.9 | Critical | 2022-09-08 |
| CVE-2021-34712 | Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability — Cisco SD-WAN vManage | 5.4 | Medium | 2021-09-23 |
| CVE-2021-1349 | Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability — Cisco SD-WAN vManage | 6.5 | Medium | 2021-01-20 |
| CVE-2020-5257 | Sort order SQL injection in Administrate — administrate | 7.7 | High | 2020-03-13 |

Vulnerabilities classified as CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) represent 37 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.