Cwe 89

🧬 CWE Related 54

slug: cwe-89

Explanation

CWE-89は「Webアプリがユーザー入力をきちんとパラメータ化せずにSQL文に埋め込んでしまう欠陥」のことです。攻撃者はSQL文の構造を書き換えてデータベースを直接操作でき、全ユーザーのID/パスワードを抜く・データ改ざん・データベース全削除など何でもされます。対策は「プリペアドステートメント (パラメータ化クエリ)」を必ず使うこと。

📌 Example

Equifax事件 (2017): 米国最大の信用情報機関で1.4億人の個人情報流出。直接的にはApache Strutsの脆弱性だったが、SQLi脆弱性を経由した類似事件は無数にある。

🔗 Related links

🔖 Related tags

Cwe 20125 Cwe 78120 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 9484 Cwe 50270 Cwe 7966 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 54

ID	Title	Severity	Detected
CVE-2026-8207	SQL Injection in sqli (CVE-2026-8207)		18 hours ago
CVE-2026-42287	SQL Injection in sqli (CVE-2026-42287)		23 hours ago
CVE-2026-41889	SQL Injection in sqli (CVE-2026-41889)		1 day ago
CVE-2026-37431	SQL Injection in sqli (CVE-2026-37431)	Critical	1 day ago
CVE-2026-44337	Vulnerability in praison (CVE-2026-44337)	Medium	1 day ago
CVE-2026-41496	SQL Injection in praison (CVE-2026-41496)	High	1 day ago
CVE-2026-4935	SQL Injection in wordpress (CVE-2026-4935)	High	1 day ago
CVE-2023-46453	SQL Injection in network-device (CVE-2023-46453)	Critical	1 day ago
CVE-2024-33722	SQL Injection in sqli (CVE-2024-33722)	Medium	1 day ago
CVE-2024-33288	SQL Injection in sqli (CVE-2024-33288)	High	1 day ago
CVE-2026-8133	Vulnerability in sqli (CVE-2026-8133)	High	1 day ago
CVE-2026-8132	Vulnerability in sqli (CVE-2026-8132)	High	1 day ago
CVE-2026-8129	Vulnerability in sqli (CVE-2026-8129)	High	1 day ago
CVE-2026-8130	Vulnerability in sqli (CVE-2026-8130)	High	1 day ago
CVE-2026-8131	Vulnerability in sqli (CVE-2026-8131)	High	1 day ago
CVE-2026-8128	Vulnerability in sqli (CVE-2026-8128)	High	1 day ago
CVE-2026-8126	Vulnerability in sqli (CVE-2026-8126)	High	1 day ago
CVE-2026-8125	Vulnerability in sqli (CVE-2026-8125)	Medium	1 day ago
CVE-2026-42208 KEV	[KEV] SQL Injection in Berriai litellm (CVE-2026-42208)	Critical	1 day ago
CVE-2026-8114	Vulnerability in sqli (CVE-2026-8114)	Medium	1 day ago
CVE-2026-44349	SQL Injection in github.com/daptin/daptin (CVE-2026-44349)		2 days ago
CVE-2026-33324	SQL Injection in fit2cloud (CVE-2026-33324)	High	4 days ago
CVE-2026-38428	SQL Injection in sqli (CVE-2026-38428)	Critical	4 days ago
CVE-2026-42087	SQL Injection in sqli (CVE-2026-42087)	Critical	5 days ago
CVE-2026-21643 KEV	[KEV] SQL Injection in Fortinet forticlient-ems (CVE-2026-21643)	High	3 weeks ago
CVE-2024-43468 KEV	[KEV] SQL Injection in Microsoft configuration-manager (CVE-2024-43468)	High	2 months ago
CVE-2025-57819 KEV	[KEV] SQL Injection in Sangoma freepbx (CVE-2025-57819)	High	8 months ago
CVE-2025-25257 KEV	[KEV] SQL Injection in Fortinet fortiweb (CVE-2025-25257)	High	9 months ago
CVE-2025-25181 KEV	[KEV] SQL Injection in Advantive veracore (CVE-2025-25181)	High	1 year ago
CVE-2020-29574 KEV	[KEV] SQL Injection in Sophos cyberoamos (CVE-2020-29574)	High	1 year ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →