CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,572 vulnerabilities with CWE-89
CVE-2025-10078
HIGH
SourceCodester Online Polling System 1.0 - SQL Injection via ID Parameter in candidates.php
CVSS 7.3
CVE-2025-10077
HIGH
SourceCodester Online Polling System 1.0 - SQL Injection via Email Parameter in Registeracc.php
CVSS 7.3
CVE-2025-10076
HIGH
SourceCodester Online Polling System 1.0 - SQL Injection via Email Parameter in manage-profile.php
CVSS 7.3
CVE-2025-10068
HIGH
Online Discussion Forum 1.0 - SQL Injection via ID Parameter in add_views.php
CVSS 7.3
CVE-2025-10062
HIGH
itsourcecode Student Information Management System 1.0 - SQL Injection via uname Parameter
CVSS 7.3
CVE-2025-10033
HIGH
itsourcecode Online Discussion Forum 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-10031
HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10030
HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10046
MEDIUM
ELEX WooCommerce Google Shopping <1.4.3 - SQL Injection
CVSS 4.9
CVE-2025-9085
MEDIUM
WordPress User Registration & Membership <4.3.0 - SQL Injection
CVSS 4.9
CVE-2025-10003
MEDIUM
UsersWP < 1.2.44 - Unauthenticated Time-Based SQL Injection via upload_file_remove Function
CVSS 6.5
CVE-2025-58439
HIGH
ERP <14.89.2 & 15.0.0-15.75.1 - SQL Injection
CVSS 8.1
CVE-2025-10025
HIGH
PHPGurukul Online Course Registration 3.1 - SQL Injection via Semester Parameter
CVSS 7.3
CVE-2025-58628
CRITICAL
Miraculous < 2.0.9 - Blind SQL Injection
CVSS 9.3
CVE-2025-58780
HIGH
ScienceLogic SL1 <12.1.1 - SQL Injection
CVSS 7.2
CVE-2025-10012
MEDIUM
Portabilis i-educar < 2.10.0 - SQL Injection via ref_cod_aluno Parameter
CVSS 6.3
CVE-2025-58881
HIGH
gopiplus New Simple Gallery <8.0 - SQL Injection
CVSS 8.5
CVE-2025-58789
HIGH
Themeisle WP Full Stripe Free <8.3.0 - SQL Injection
CVSS 7.6
CVE-2025-58788
HIGH
Saad Iqbal License Manager <3.0.12 - SQL Injection
CVSS 7.6
CVE-2025-10011
MEDIUM
Portabilis i-educar < 2.10.0 - SQL Injection via ID Parameter in TabelaArredondamento Edit Endpoint
CVSS 6.3
CVE-2025-48544
HIGH
Multiple Locations - Info Disclosure
CVSS 7.8
CVE-2025-32327
HIGH
Android - SQL Injection in PickerDbFacade.java
CVSS 7.8
CVE-2025-8311
CRITICAL
dotCMS Cloud Services (dCS) >=24.03.22 - Authenticated SQL Injection via Sites Parameter
CVE-2025-57263
HIGH
VX Guestbook 1.07 - Authenticated SQL Injection via Words Admin Panel Word Parameter
CVSS 7.2
CVE-2025-7385
CRITICAL
GOV CMS < 4.0 - Unauthenticated Blind SQL Injection via Search Query Parameter