Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
2025-08-12T18:15:31.467
2025-08-14T01:20:16.437
Analyzed
CVSSv3.1: 8.8 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | microsoft | sql_server_2016 | < 13.0.6465.1 | Yes |
Application | microsoft | sql_server_2016 | < 13.0.7060.1 | Yes |
Application | microsoft | sql_server_2017 | < 14.0.2080.1 | Yes |
Application | microsoft | sql_server_2017 | < 14.0.3500.1 | Yes |
Application | microsoft | sql_server_2019 | < 15.0.2140.1 | Yes |
Application | microsoft | sql_server_2019 | < 15.0.4440.1 | Yes |
Application | microsoft | sql_server_2022 | < 16.0.1145.1 | Yes |
Application | microsoft | sql_server_2022 | < 16.0.4210.1 | Yes |