Cwe 89

🧬 CWE Related 54

slug: cwe-89

Explanation

CWE-89は「Webアプリがユーザー入力をきちんとパラメータ化せずにSQL文に埋め込んでしまう欠陥」のことです。攻撃者はSQL文の構造を書き換えてデータベースを直接操作でき、全ユーザーのID/パスワードを抜く・データ改ざん・データベース全削除など何でもされます。対策は「プリペアドステートメント (パラメータ化クエリ)」を必ず使うこと。

📌 Example

Equifax事件 (2017): 米国最大の信用情報機関で1.4億人の個人情報流出。直接的にはApache Strutsの脆弱性だったが、SQLi脆弱性を経由した類似事件は無数にある。

🔗 Related links

🔖 Related tags

Cwe 20125 Cwe 78120 Cwe 787105 Cwe 41699 Cwe 2296 Cwe 11990 Cwe 9484 Cwe 50270 Cwe 7966 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 54

ID	Title	Severity	Detected
CVE-2024-9465 KEV	[KEV] SQL Injection in Palo alto networks palo-alto-networks (CVE-2024-9465)	High	1 year ago
CVE-2024-9379 KEV	[KEV] SQL Injection in Ivanti cloud-services-appliance-csa (CVE-2024-9379)	High	1 year ago
CVE-2024-29824 KEV	[KEV] SQL Injection in Ivanti endpoint-manager-epm (CVE-2024-29824)	High	1 year ago
CVE-2024-6670 KEV	[KEV] SQL Injection in Progress whatsup-gold (CVE-2024-6670)	High	1 year ago
CVE-2023-48788 KEV	[KEV] SQL Injection in Fortinet forticlient-ems (CVE-2023-48788)	High	2 years ago
CVE-2023-46748 KEV	[KEV] SQL Injection in F5 big-ip-configuration-utility (CVE-2023-46748)	High	2 years ago
CVE-2021-44026 KEV	[KEV] SQL Injection in roundcube (CVE-2021-44026)	High	2 years ago
CVE-2023-34362 KEV	[KEV] SQL Injection in Progress moveit-transfer (CVE-2023-34362)	High	2 years ago
CVE-2016-2386 KEV	[KEV] SQL Injection in Sap netweaver (CVE-2016-2386)	High	3 years ago
CVE-2017-18362 KEV	[KEV] SQL Injection in Kaseya virtual-systemserver-administrator-vsa (CVE-2017-18362)	High	3 years ago
CVE-2018-7841 KEV	[KEV] SQL Injection in Schneider electric schneider-electric (CVE-2018-7841)	High	4 years ago
CVE-2021-20028 KEV	[KEV] SQL Injection in Sonicwall secure-remote-access-sra (CVE-2021-20028)	High	4 years ago
CVE-2019-12989 KEV	[KEV] SQL Injection in Citrix sd-wan-and-netscaler (CVE-2019-12989)	High	4 years ago
CVE-2020-5722 KEV	[KEV] SQL Injection in Grandstream ucm6200 (CVE-2020-5722)	High	4 years ago
CVE-2020-17463 KEV	[KEV] SQL Injection in Fuel cms fuel-cms (CVE-2020-17463)	High	4 years ago
CVE-2021-20016 KEV	[KEV] SQL Injection in Sonicwall sslvpn-sma100 (CVE-2021-20016)	High	4 years ago
CVE-2021-27101 KEV	[KEV] SQL Injection in Accellion fta (CVE-2021-27101)	High	4 years ago
CVE-2021-42258 KEV	[KEV] SQL Injection in Bqe billquick-web-suite (CVE-2021-42258)	High	4 years ago
CVE-2019-7481 KEV	[KEV] SQL Injection in Sonicwall sma100 (CVE-2019-7481)	High	4 years ago
CVE-2020-12271 KEV	[KEV] SQL Injection in Sophos sfos (CVE-2020-12271)	High	4 years ago
CVE-2018-3885	SQL Injection in sqli (CVE-2018-3885)	High	7 years ago
CVE-2018-3884	SQL Injection in sqli (CVE-2018-3884)	High	7 years ago
CVE-2018-3883	SQL Injection in sqli (CVE-2018-3883)	High	7 years ago
CVE-2018-3882	SQL Injection in sqli (CVE-2018-3882)	High	7 years ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →