CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,572 vulnerabilities with CWE-89
CVE-2025-10624
HIGH
PHPGurukul User Management System 1.0 - SQL Injection via Email Parameter in Login
CVSS 7.3
CVE-2025-10623
HIGH
SourceCodester Hotel Reservation System 1.0 - SQL Injection via deleteuser.php ID Parameter
CVSS 7.3
CVE-2025-10621
HIGH
SourceCodester Hotel Reservation System 1.0 - SQL Injection via editroomimage.php ID Parameter
CVSS 7.3
CVE-2025-10620
MEDIUM
Online Clinic Management System 1.0 - SQL Injection via editp2.php Parameter Manipulation
CVSS 6.3
CVE-2025-10618
MEDIUM
Online Clinic Management System 1.0 - SQL Injection via transact.php firstname Parameter
CVSS 6.3
CVE-2025-10617
MEDIUM
SourceCodester Online Polling System 1.0 - SQL Injection via /admin/positions.php ID Parameter
CVSS 6.3
CVE-2025-10613
MEDIUM
itsourcecode Student Information System 1.0 - SQL Injection via leveledit1.php level_id Parameter
CVSS 6.3
CVE-2025-10604
HIGH
PHPGurukul Online Discussion Forum 1.0 - SQL Injection via /admin/edit_member.php ID Parameter
CVSS 7.3
CVE-2025-10603
HIGH
PHPGurukul Online Discussion Forum 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2025-10602
MEDIUM
Online Exam Form Submission 1.0 - SQL Injection via /admin/delete_s1.php ID Parameter
CVSS 6.3
CVE-2025-10601
HIGH
Online Exam Form Submission 1.0 - SQL Injection via Email Parameter in Admin Index
CVSS 7.3
CVE-2025-10599
HIGH
itsourcecode Web-Based Internet Laboratory Management System 1.0 - SQL Injection via User::AuthenticateUser Function
CVSS 7.3
CVE-2025-10598
HIGH
Pet Grooming Management Software 1.0 - SQL Injection via group_id Parameter
CVSS 7.3
CVE-2025-10597
HIGH
kidaze CourseSelectionSystem < 2017-06-18 - SQL Injection via COUNT2.php cname Parameter
CVSS 7.3
CVE-2025-10596
HIGH
SourceCodester Online Exam Form Submission 1.0 - SQL Injection via usn Parameter
CVSS 7.3
CVE-2025-10595
MEDIUM
Online Student File Management System 1.0 - SQL Injection via user_id Parameter
CVSS 6.3
CVE-2025-10594
MEDIUM
Online Student File Management System 1.0 - SQL Injection via stud_id Parameter
CVSS 6.3
CVE-2025-10593
MEDIUM
Online Student File Management System 1.0 - SQL Injection via stud_id Parameter
CVSS 6.3
CVE-2025-10592
MEDIUM
Online Public Access Catalog 1.0 - SQL Injection via mysearch.php POST Parameter
CVSS 6.3
CVE-2025-10439
CRITICAL
Yordam Library Automation System <21.7 - SQL Injection
CVSS 9.8
CVE-2025-10042
MEDIUM
Quiz Maker < 6.7.0.56 - Unauthenticated SQL Injection via Spoofed IP Headers
CVSS 5.9
CVE-2025-10565
HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10564
HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via ID Parameter in delete_category Action
CVSS 7.3
CVE-2025-57631
CRITICAL
TDuckCloud 5.1 - SQL Injection via File Upload Module
CVSS 9.8
CVE-2025-10563
HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3