CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,572 vulnerabilities with CWE-89
CVE-2025-10846 MEDIUM
Portabilis i-educar < 2.10.0 - SQL Injection via ComponenteCurricular Edit ID Parameter
CVSS 6.3
CVE-2025-10845 MEDIUM
Portabilis i-educar < 2.10.0 - SQL Injection via ComponenteCurricular ID Parameter
CVSS 6.3
CVE-2025-10844 MEDIUM
Portabilis i-Educar < 2.10.0 - SQL Injection via /module/Cadastro/aluno is Argument
CVSS 6.3
CVE-2025-10843 HIGH
Reservation Online Hotel Reservation System 1.0 - SQL Injection via PayPal Payout Confirm Parameter
CVSS 7.3
CVE-2025-10842 HIGH
Online Bidding System 1.0 - SQL Injection via ID Parameter in /administrator/wew.php
CVSS 7.3
CVE-2025-10841 HIGH
Online Bidding System 1.0 - SQL Injection via ID Parameter in /administrator/weweee.php
CVSS 7.3
CVE-2025-10840 MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via print-payment.php sql111 Parameter
CVSS 6.3
CVE-2025-10839 MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via inv-print.php ID Parameter
CVSS 6.3
CVE-2025-10836 HIGH
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via /admin/print1.php ID Parameter
CVSS 7.3
CVE-2025-10835 MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via /admin/view_payorder.php ID Parameter
CVSS 6.3
CVE-2025-10834 HIGH
Open Source Job Portal 1.0 - SQL Injection via User Email Parameter
CVSS 7.3
CVE-2025-10833 HIGH
1000projects Bookstore Management System 1.0 - SQL Injection via /login.php unm Parameter
CVSS 7.3
CVE-2025-10832 HIGH
Pet Grooming Management Software 1.0 - SQL Injection via Barcode Parameter in fetch_product_details.php
CVSS 7.3
CVE-2025-10831 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via prodcode Parameter
CVSS 7.3
CVE-2025-10830 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via inv_edit1.php idd Parameter
CVSS 7.3
CVE-2025-10829 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via /pages/sup_edit1.php ID Parameter
CVSS 7.3
CVE-2025-10828 MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via edit.php ID Parameter
CVSS 6.3
CVE-2025-10826 MEDIUM
Campcodes Online Beauty Parlor Management System 1.0 - SQLi via sales-reports-detail.php
CVSS 6.3
CVE-2025-10825 MEDIUM
Campcodes Online Beauty Parlor Management System 1.0 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-10817 HIGH
Campcodes Online Learning Management System 1.0 - SQL Injection via Firstname Parameter
CVSS 7.3
CVE-2025-10813 HIGH
Hostel Management System 1.0 - SQL Injection via Home Parameter
CVSS 7.3
CVE-2025-10812 HIGH
Hostel Management System 1.0 - SQL Injection via ID Parameter in Admin Amenities View
CVSS 7.3
CVE-2025-59570 HIGH
WPFunnels Mail Mint <1.18.6 - SQL Injection
CVSS 7.6
CVE-2025-58686 HIGH
Quadlayers Perfect Brands <3.6.0 - SQL Injection
CVSS 8.5
CVE-2025-53468 HIGH
Wp tabber widget <4.0 - SQL Injection
CVSS 8.5