Class · Incomplete

CWE-943: Improper Neutralization of Special Elements in Data Query Logic

Category: other

Description

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

Common consequences · 1

  • Confidentiality / Integrity / Availability / Access Control — Bypass Protection Mechanism, Read Application Data, Modify Application Data, Varies by Context

Related CAPEC attack patterns · 1

CAPEC-676

References

  1. https://cwe.mitre.org/data/definitions/943.html

Exploits (incoming) · 1

Type           Target                       Confidence  Tier
AttackPattern  NoSQL Injection (capec-676)  100%        live

(incoming) · 12

Type           Target                           Confidence  Tier
Vulnerability  CVE-2026-25513 (cve-2026-25513)  0%          live
Vulnerability  CVE-2026-25514 (cve-2026-25514)  0%          live
Vulnerability  CVE-2026-29793 (cve-2026-29793)  0%          live
Vulnerability  CVE-2026-3023 (cve-2026-3023)    0%          live
Vulnerability  CVE-2026-32247 (cve-2026-32247)  0%          live
Vulnerability  CVE-2026-32248 (cve-2026-32248)  0%          live
Vulnerability  CVE-2026-33980 (cve-2026-33980)  0%          live
Vulnerability  CVE-2026-40351 (cve-2026-40351)  0%          live
Vulnerability  CVE-2026-40352 (cve-2026-40352)  0%          live
Vulnerability  CVE-2026-41274 (cve-2026-41274)  0%          live
Vulnerability  CVE-2026-41327 (cve-2026-41327)  0%          live
Vulnerability  CVE-2026-41328 (cve-2026-41328)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CWE — Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
  • CWE — Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
  • CWE — Improper Neutralization of Wildcards or Matching Symbols
  • CWE — Improper Neutralization of Expression/Command Delimiters
  • CWE — Improper Neutralization of Special Elements Used in a Template Engine

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.