Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,572 vulnerabilities with CWE-89

CVE-2025-11040 HIGH

Hostel Management System 1.0 - SQL Injection

CVE-2025-11039 HIGH

Campcodes Computer Sales & Inventory System 1.0 - SQL Injection

CVE-2025-11038 MEDIUM

isourcecode Online Clinic Management System 1.0 - SQL Injection

CVE-2025-11037 HIGH

Code-projects E-Commerce Website 1.0 - SQL Injection

CVE-2025-11036 HIGH

code-projects E-Commerce Website 1.0 - SQL Injection

CVE-2025-11033 HIGH

kidaze CourseSelectionSystem < 2017-06-18 - SQL Injection via COUNT3s7.php cbe Argument

CVE-2025-11032 HIGH

kidaze CourseSelectionSystem < 2017-06-18 - SQL Injection via CPU Argument in COUNT3s6.php

CVE-2025-60118 HIGH

PGS Core <= 5.9.0 - SQL Injection

CVE-2025-60110 HIGH

LambertGroup AllInOne - Banner Rotator <3.8 - SQL Injection

CVE-2025-60109 HIGH

LambertGroup AllInOne - Content Slider <3.8 - SQL Injection

CVE-2025-60108 HIGH

LambertGroup AllInOne - Banner with Thumbnails <3.8 - SQL Injection

CVE-2025-60107 HIGH

LambertGroup AllInOne - Banner with Playlist <3.8 - SQL Injection

CVE-2025-10037 MEDIUM

Featured Image from URL (FIFU) <= 5.2.7 - Authenticated SQL Injection via get_posts_with_internal_featured_image()

CVE-2025-10036 MEDIUM

WordPress FIFU <5.2.7 - SQL Injection

CVE-2025-10973 HIGH

JackieDYH Resume-management-system <fb6b857d852dd796e748ce30c606fe5...

CVE-2025-59816 HIGH

Zenitel ICX500 and ICX510 < 1.4.3.3 - SQL Injection and Plaintext Password Disclosure

CVE-2025-59814 HIGH

Zenitel ICX500-ICX510 - Info Disclosure

CVE-2025-10967 HIGH

MuFen-mker PHP-Usermm <37f2d24e51b04346dfc565b93fc2fc6b37bdaea9 - S...

CVE-2025-27261 CRITICAL

Ericsson Indoor Connect 8855 - SQL Injection

CVE-2025-40698 HIGH

Prevengos < 2.48 - SQL Injection via mpsCentroin Parameter

CVE-2025-29084 MEDIUM

CSZ-CMS 1.3.0 - SQL Injection via Upgrade.php execSqlFile Function

CVE-2025-10184 HIGH

OxygenOS 11.*-15.* - Unauthenticated SMS/MMS Data Exposure via Telephony Provider Permission Bypass

CVE-2025-10857 HIGH

Campcodes Point of Sale System 1.0 - SQL Injection via Username Parameter in login.php

CVE-2025-10851 HIGH

Campcodes Gym Management System 1.0 - SQL Injection via Username Parameter in /ajax.php

CVE-2025-10848 MEDIUM

Campcodes Society Membership Information System 1.0 - SQL Injection via student_id Parameter in check_student.php

Previous Page 104 of 783 Next

Details

Vulnerabilities 19,572

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy