CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,572 vulnerabilities with CWE-89
CVE-2025-11309
HIGH
Tipray Data Leakage Prevention System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-11288
MEDIUM
CRMEB < 5.6 - SQL Injection via cate_id Parameter
CVSS 6.3
CVE-2025-10692
HIGH
OpenSupports <4.11.0 - SQL Injection
CVE-2025-54153
HIGH
Qsync Central 5.0.0.0-5.0.0.1 - Authenticated SQL Injection
CVSS 8.8
CVE-2025-53595
HIGH
Qsync Central <5.0.0.2 - SQL Injection
CVSS 8.8
CVE-2025-57423
MEDIUM
MyClub 0.5 - Unauthenticated SQL Injection via /articles Endpoint Query Parameters
CVSS 6.5
CVE-2025-9200
HIGH
Blappsta Mobile App Plugin <0.8.8.8 - SQL Injection
CVSS 7.5
CVE-2025-9199
MEDIUM
Woo superb slideshow transition gallery <9.1 - SQL Injection
CVSS 6.5
CVE-2025-9198
MEDIUM
Wp cycle text announcement plugin <8.1 - SQL Injection
CVSS 6.5
CVE-2025-40636
CRITICAL
Joomla mod_vvisit_counter <v2.0.4j3 - SQL Injection
CVE-2025-10726
CRITICAL
WPRecovery < 2.0 - Unauthenticated SQL Injection and Arbitrary File Deletion via data[id] Parameter
CVSS 9.1
CVE-2025-10582
HIGH
WP Dispatcher <1.2.0 - SQL Injection
CVSS 8.8
CVE-2025-0616
HIGH
Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - N...
CVSS 8.2
CVE-2025-61605
CRITICAL
WeGIA < 3.5.0 - SQL Injection via id_pet Parameter
CVSS 9.8
CVE-2025-61603
CRITICAL
WeGIA < 3.5.0 - SQL Injection via descricao Parameter
CVSS 9.8
CVE-2025-56162
MEDIUM
Yiovo Firefly Mall - SQL Injection
CVSS 6.5
CVE-2025-61096
MEDIUM
PHPGurukul Online Shopping Portal Project <v2.1 - SQL Injection
CVSS 6.5
CVE-2025-59743
CRITICAL
AndSoft e-TMS 25.03 - SQL Injection via SessionID Cookie
CVSS 9.8
CVE-2025-59742
CRITICAL
AndSoft e-TMS 25.03 - SQL Injection via USRMAIL Parameter
CVSS 9.8
CVE-2025-56381
MEDIUM
ERPNEXT 15.67.0 - SQL Injection via order_by and group_by Parameters
CVSS 6.5
CVE-2025-56380
MEDIUM
Frappe Framework 15.72.4 - SQL Injection via get_value API fieldname Parameter
CVSS 6.5
CVE-2025-11020
HIGH
MarkAny SafePC Enterprise <7.0.1 - SQL Injection
CVSS 8.8
CVE-2025-59681
HIGH
Django 4.2-4.2.24, 5.1-5.1.12, 5.2-5.2.6 - SQL Injection via Column Alias Dictionary Expansion
CVSS 7.1
CVE-2025-52042
HIGH
Frappe ERPNext 15.57.5 - SQL Injection via txt Parameter in get_rfq_containing_supplier()
CVSS 8.2
CVE-2025-52041
HIGH
Frappe ERPNext 15.57.5 - SQL Injection via inventory_dimensions_dict Parameter
CVSS 8.2
Details
Vulnerabilities: 19,572
Exploit Likelihood: High