Weakness Name | Source | |
---|---|---|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Metrics | Score | Severity | CVSS Vector | Source |
---|---|---|---|---|
V2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P | nvd@nist.gov |
E107>>E107 >> Version To (including) 0.7.24
E107>>E107 >> Version 0.7.0
E107>>E107 >> Version 0.7.1
E107>>E107 >> Version 0.7.2
E107>>E107 >> Version 0.7.3
E107>>E107 >> Version 0.7.4
E107>>E107 >> Version 0.7.5
E107>>E107 >> Version 0.7.6
E107>>E107 >> Version 0.7.7
E107>>E107 >> Version 0.7.8
E107>>E107 >> Version 0.7.9
E107>>E107 >> Version 0.7.10
E107>>E107 >> Version 0.7.11
E107>>E107 >> Version 0.7.12
E107>>E107 >> Version 0.7.13
E107>>E107 >> Version 0.7.14
E107>>E107 >> Version 0.7.15
E107>>E107 >> Version 0.7.16
E107>>E107 >> Version 0.7.17
E107>>E107 >> Version 0.7.18
E107>>E107 >> Version 0.7.19
E107>>E107 >> Version 0.7.20
E107>>E107 >> Version 0.7.21
E107>>E107 >> Version 0.7.22