Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,402 vulnerabilities with CWE-89

CVE-2026-9542 MEDIUM

CodeAstro Leave Management System add_staff.php sql injection

CVE-2026-48136 MEDIUM

Authenticated Administrator Role-Based Access Control Bypass in Compliance

CVE-2026-48134 MEDIUM

SQL injection issue in UserCheck Portal when DLP Software Blade is active

CVE-2026-9528 HIGH

itsourcecode Electronic Judging System delete_judge.php sql injection

CVE-2026-9526 HIGH

itsourcecode Electronic Judging System edit_team.php sql injection

CVE-2026-9525 HIGH

itsourcecode Electronic Judging System edit_judge.php sql injection

CVE-2026-9524 MEDIUM

xianrendzw EasyReport REST Endpoint execute sql injection

CVE-2026-9523 HIGH

Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform getCalcmeterDetailDayListTree sql injection

CVE-2026-48837 HIGH

WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability

CVE-2026-42774 CRITICAL

WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability

CVE-2026-42773 CRITICAL

WordPress eMagicOne Store Manager plugin <= 1.3.2 - SQL Injection vulnerability

CVE-2026-48842 HIGH

Roundcube Webmail - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2026-9474 HIGH

yashpokharna2555 StudentManagementSystem studentdel.php confirm_logged_in sql injection

CVE-2026-27768 MEDIUM

Genetec Security Center - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2026-9470 HIGH

yashpokharna2555 StudentManagementSystem student_trans.php confirm_logged_in sql injection

CVE-2026-9469 HIGH

yashpokharna2555 StudentManagementSystem success.php sql injection

CVE-2026-9465 HIGH

Tiandy Easy7 Integrated Management Platform GetDBDataEx.jsp sql injection

CVE-2026-9451 MEDIUM

code-projects Employee Management System applyleaveprocess.php sql injection

CVE-2026-9450 MEDIUM

code-projects Employee Management System psubmit.php sql injection

CVE-2026-9449 MEDIUM

code-projects Employee Management System changepassemp.php sql injection

CVE-2026-9447 HIGH

SourceCodester Simple POS and Inventory System search.php sql injection

CVE-2026-9446 MEDIUM

SourceCodester Simple POS and Inventory System edit_customer.php sql injection

CVE-2026-9444 MEDIUM

SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

CVE-2026-9411 MEDIUM

SourceCodester Indian Invoicing System Invoice Generation IGST_Invoice.php sql injection

CVE-2026-9383 HIGH

itsourcecode Electronic Judging System login.php sql injection

Previous Page 11 of 777 Next

Details

Vulnerabilities 19,402

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy