CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,572 vulnerabilities with CWE-89
CVE-2025-40691 CRITICAL
Online Fire Reporting System 1.2 - SQL Injection via todate Parameter
CVSS 9.8
CVE-2025-40690 CRITICAL
Online Fire Reporting System 1.2 - SQL Injection via teamid Parameter
CVSS 9.8
CVE-2025-40689 CRITICAL
Online Fire Reporting System 1.2 - SQL Injection via remark status or requestid Parameter
CVSS 9.8
CVE-2025-40687 CRITICAL
Online Fire Reporting System 1.2 - SQL Injection via mobilenumber, teamleadname, and teammember Parameters
CVSS 9.8
CVE-2025-9451 MEDIUM
Smartcat Translator for WPML <3.1.69 - SQL Injection
CVSS 6.5
CVE-2025-9073 HIGH
All in one Minifier <3.2 - SQL Injection
CVSS 7.5
CVE-2025-8692 MEDIUM
Coupon API plugin <6.2.9 - SQL Injection
CVSS 4.9
CVE-2025-9776 MEDIUM
CatFolders - Time-Based SQL Injection
CVSS 6.5
CVE-2025-10218 MEDIUM
lostvip ruoyi-go 2.1 - SQL Injection via SysRoleDao SelectListPage sortName Parameter
CVSS 6.3
CVE-2025-10210 MEDIUM
chancms < 3.3.0 - SQL Injection via Search Function Key Parameter
CVSS 6.3
CVE-2025-56407 HIGH
UTCMS V9 - SQL Injection via RunSql Function in mysql.php
CVSS 8.8
CVE-2025-9943 CRITICAL
Shibboleth Service Provider < 3.5.0 - Unauthenticated SQL Injection via SAML Response ID Attribute
CVSS 9.1
CVE-2025-9463 MEDIUM
WooCommerce Stripe/PayPal/Square/Auth.net <1.117.5 - SQL Injection
CVSS 6.5
CVE-2025-7826 MEDIUM
Testimonial plugin <2.3 - SQL Injection
CVSS 6.5
CVE-2025-6189 MEDIUM
Duplicate Page and Post <2.9.5 - SQL Injection
CVSS 6.5
CVE-2025-10142 MEDIUM
PagBank/PagSeguro Connect para WooCommerce <4.44.3 - SQL Injection
CVSS 4.9
CVE-2025-10197 MEDIUM
HJSoft HCM <20250822 - SQL Injection
CVSS 6.3
CVE-2025-58448 CRITICAL
rAthena <commit 0d89ae0 - SQL Injection
CVSS 9.1
CVE-2025-58462 CRITICAL
OPEXUS FOIAXpress PAL <11.13.1.0 - SQL Injection
CVSS 9.8
CVE-2025-59008 HIGH
PressTigers ZIP Code Based Content Protection <1.0.0 - SQL Injection
CVSS 7.6
CVE-2025-58993 HIGH
Themeum Tutor LMS <3.7.4 - SQL Injection
CVSS 7.6
CVE-2025-47569 CRITICAL
WPSwings WooCommerce Ultimate Gift Card <2.8.10 - SQL Injection
CVSS 9.3
CVE-2025-10095 MEDIUM
SMSEagle < 6.11 - SQL Injection in SMPP Server Component
CVE-2025-10122 MEDIUM
Maccms10 2025.1000.4050 - SQL Injection via Database Controller Rep Function
CVSS 4.7
CVE-2025-10121 MEDIUM
uverif < 3.2 - SQL Injection via addbatch Function
CVSS 6.3