Home/CWE/Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Weakness

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89 · Base · Stable

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
ChildOfCWE-943 · Improper Neutralization of Special Elements in Data Query Logic
Children (more specific)
ParentOfCWE-564 · SQL Injection: Hibernate

Attack Patterns (CAPEC)

6
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-108Command Line Execution through SQL Injection
CAPEC-109Object Relational Mapping Injection
CAPEC-110SQL Injection through SOAP Parameter Tampering
CAPEC-470Expanding Control over the Operating System from the Database
CAPEC-66SQL Injection
CAPEC-7Blind SQL Injection

CVEs With This Weakness

22,679
A sample of the 22,679 CVEs tagged with this weakness.
CVECVE-2026-8851
CVECVE-2026-8785
CVECVE-2026-8772
CVECVE-2026-8771
CVECVE-2026-8734
CVECVE-2026-8724
CVECVE-2026-8231
CVECVE-2026-8207
CVECVE-2026-8133
CVECVE-2026-8132
CVECVE-2026-8131
CVECVE-2026-8130

Nuclei Scanner Templates

30
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
criticalSQL - Error Messages
criticalvBulletin 3.x / 4.x AjaxReg - SQL Injection
criticalError based SQL injection
criticalEmployee Management System 1.0 - SQL Injection
criticalDotnet CMS - SQL Injection
criticalDuomi CMS - SQL Injection
criticalPbootCMS 2.0.7 - SQL Injection
criticalZoo Management System 1.0 - SQL Injection
criticalZCMS - SQL Injection
criticalFumeng - SQL Injection
criticalECShop 2.x/3.x - SQL Injection
criticalFineCMS 5.0.10 - SQL Injection
criticalECTouch 2 - SQL Injection
critical74cms Sql Injection
criticalYesWiki <2022-07-07 - SQL Injection
criticalHalo ITSM - Pre-Authentication SQL Injection
criticalVehicle Parking Management System 1.0 - SQL Injection
criticalXdCMS - SQL Injection
criticalPHPOK - SQL Injection
criticalSeaCMS 8.7 - SQL Injection
criticalChamilo 1.11.14 - SQL Injection
criticalHuatian Power OA 8000 workFlowService - SQL injection
criticalFumasoft Cloud - SQL Injection
criticalEcology Syncuserinfo - SQL Injection
criticalAdvanced Booking Calendar < 1.6.2 - SQL Injection
criticalLeagueManager <= 3.9.11 - SQL Injection
criticalSmart Manager for WooCommerce & WPeC <= 3.9.6 - SQL Injection
criticalWordPress Video Gallery <= 2.8 - SQL Injection
criticalWordPress Zero Spam <= 2.1.1 - Blind SQL Injection
criticalWP AutoSuggest 0.24 - SQL Injection
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin