CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,402 vulnerabilities with CWE-89
CVE-2026-40819 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in sync_data24 Task
CVSS 7.5
CVE-2026-40818 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in _mb24confi_getDevice Function
CVSS 7.5
CVE-2026-40817 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in getAlarmProfiles Function
CVSS 7.5
CVE-2026-40816 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in _mb24confi_getTagAlarm Function
CVSS 7.5
CVE-2026-40815 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in _mb24api_getUserAccount Function
CVSS 7.5
CVE-2026-40814 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in _mb24confi_getTagAlarm Function
CVSS 7.5
CVE-2026-40813 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in getLiveValues
CVSS 7.5
CVE-2026-40812 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in getLiveValues Function
CVSS 7.5
CVE-2026-40811 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in Ssoabstractservice
CVSS 7.5
CVE-2026-40810 HIGH
MB connect line mbCONNECT24 - Unauthenticated SQLI in Userinfo Endpoint
CVSS 7.5
CVE-2026-9607 MEDIUM
itsourcecode Courier Management System parcel_list.php sql injection
CVSS 6.3
CVE-2026-9606 HIGH
itsourcecode Courier Management System manage_user.php sql injection
CVSS 7.3
CVE-2026-9584 HIGH
code-projects Project Management System Login chk.php sql injection
CVSS 7.3
CVE-2026-9575 HIGH
itsourcecode Student Transcript Processing System index.php sql injection
CVSS 7.3
CVE-2026-9574 HIGH
itsourcecode Student Transcript Processing System trans.php sql injection
CVSS 7.3
CVE-2026-9573 HIGH
itsourcecode Student Transcript Processing System index.php sql injection
CVSS 7.3
CVE-2026-46624 CRITICAL
Twenty: SQL Injection via the timeZone field
CVSS 9.9
CVE-2026-44706 HIGH
Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values
CVSS 8.5
CVE-2026-44680 HIGH
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
CVSS 7.6
CVE-2026-35222 CRITICAL
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
CVSS 9.8
CVE-2026-35221 CRITICAL
Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder
CVSS 9.8
CVE-2026-9552 HIGH
Das Parking Management System 停车场管理系统 Search API Endpoint sql injection
CVSS 7.3
CVE-2026-9551 HIGH
Das Parking Management System 停车场管理系统 API Endpoint ExportParkingRecords xp_cmdshell sql injection
CVSS 7.3
CVE-2026-42425 HIGH
OpenKM 6.3.12 Unrestricted SQL Execution via DatabaseQuery
CVSS 7.2
CVE-2026-9544 HIGH
Shenzhen Sixun Software Sixun Shanghui Group Business Management System PayConfig sql injection
CVSS 7.3