CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,572 vulnerabilities with CWE-89
CVE-2025-10562 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-52044 HIGH
Frappe ERPNext 15.57.5 - SQL Injection via get_stock_balance() inventory_dimensions_dict Parameter
CVSS 7.5
CVE-2025-44034 HIGH
oa_system 1.1 - SQL Injection via alph Parameter
CVSS 8.0
CVE-2025-7744 CRITICAL
Dolusoft Omaspot <12.09.2025 - SQL Injection
CVSS 9.8
CVE-2025-4688 CRITICAL
BGS Interactive SINAV.LINK <1.2 - SQL Injection
CVSS 9.8
CVE-2025-10483 MEDIUM
Online Student File Management System 1.0 - SQL Injection via Firstname Parameter
CVSS 6.3
CVE-2025-10482 HIGH
Online Student File Management System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-10481 MEDIUM
Online Student File Management System 1.0 - SQL Injection via /remove_file.php ID Parameter
CVSS 6.3
CVE-2025-10479 HIGH
Online Student File Management System 1.0 - SQL Injection via stud_no Parameter
CVSS 7.3
CVE-2025-10477 MEDIUM
kidaze CourseSelectionSystem - SQL Injection via Branch Argument in eligibility.php
CVSS 6.3
CVE-2025-10473 MEDIUM
RuoYi < 4.8.1 - SQL Injection via Blacklist Handler filterKeyword Function
CVSS 6.3
CVE-2025-57104 MEDIUM
Teampel 5.1.6 - SQL Injection in /Common/login.aspx
CVSS 5.4
CVE-2025-59397 MEDIUM
Open Web Analytics < 1.8.1 - SQL Injection via owa_db.php v Parameter
CVSS 5.0
CVE-2025-52048 MEDIUM
Frappe 14.0.0-14.96.10 - SQL Injection via dt Parameter in add_tag()
CVSS 6.5
CVE-2025-10459 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via delid Parameter in all-appointment.php
CVSS 7.3
CVE-2025-10448 HIGH
Campcodes Online Job Finder System 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2025-10446 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via cust_searchfrm.php ID Parameter
CVSS 7.3
CVE-2025-10445 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via Username Parameter in us_transac.php
CVSS 7.3
CVE-2025-10444 HIGH
Campcodes Online Job Finder System 1.0 - SQL Injection via Username Parameter in advancesearch.php
CVSS 7.3
CVE-2025-10436 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via /pages/sup_searchfrm.php ID Parameter
CVSS 7.3
CVE-2025-10435 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via cust_edit1.php ID Parameter
CVSS 7.3
CVE-2025-10431 MEDIUM
Pet Grooming Management Software 1.0 - SQL Injection via ID Parameter in /admin/ajax_represent.php
CVSS 6.3
CVE-2025-10430 MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via /admin/barcode.php ID Parameter
CVSS 6.3
CVE-2025-10429 MEDIUM
Pet Grooming Management Software 1.0 - SQL Injection via drop_services Parameter
CVSS 6.3
CVE-2025-10426 HIGH
Online Laundry Management System 1.0 - SQL Injection via Username Parameter in login.php
CVSS 7.3