CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,572 vulnerabilities with CWE-89
CVE-2025-10421 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via /update_account.php ID Parameter
CVSS 6.3
CVE-2025-10420 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via ID Parameter in form137.php
CVSS 6.3
CVE-2025-10419 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via /del_promote.php sy Parameter
CVSS 6.3
CVE-2025-10418 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via /view_students.php ID Parameter
CVSS 6.3
CVE-2025-10417 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10416 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10415 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10414 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10413 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10409 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via fname Parameter
CVSS 6.3
CVE-2025-10408 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via /edit_user.php ID Parameter
CVSS 6.3
CVE-2025-10407 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via view_user.php ID Parameter
CVSS 6.3
CVE-2025-10405 HIGH
Baptism Information Management System 1.0 - SQL Injection via bapt_id Parameter
CVSS 7.3
CVE-2025-10404 HIGH
itsourcecode Baptism Information Management System 1.0 - SQL Injection via rptbaptismal.php ID Parameter
CVSS 7.3
CVE-2025-10403 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via viewid Parameter
CVSS 7.3
CVE-2025-10402 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via /admin/readenq.php delid Parameter
CVSS 7.3
CVE-2025-10400 MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection via ticket_id Parameter
CVSS 6.3
CVE-2025-10399 MEDIUM
Korzh EasyQuery <7.4.0 - SQL Injection
CVSS 6.3
CVE-2025-10396 HIGH
Pet Grooming Management Software 1.0 - SQL Injection via /admin/edit_role.php ID Parameter
CVSS 7.3
CVE-2025-10387 MEDIUM
codesiddhant jasmin_ransomware <= 1.0.1 - SQL Injection via handshake.php
CVSS 6.3
CVE-2025-27240 HIGH
Zabbix 6.0.0-6.0.34 - Authenticated SQL Injection via Host Visible Name Field
CVSS 7.2
CVE-2025-10266 CRITICAL
NUP Portal < SP5.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2025-9807 HIGH
The Events Calendar <6.15.1 - SQL Injection
CVSS 7.5
CVE-2025-10251 MEDIUM
FoxCMS < 1.24 - SQL Injection via Images.php batchCope Function
CVSS 6.3
CVE-2025-40692 CRITICAL
Online Fire Reporting System 1.2 - SQL Injection via requestid Parameter
CVSS 9.8