CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally influenced input from an upstream component, but it fails to neutralize, or incorrectly neutralizes, special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL rather than as ordinary user data.

19,572 vulnerabilities with CWE-89
CVE-2025-41034 CRITICAL
appRain CMF 4.0.5 - SQL Injection via data%5BPage%5D%5Bname%5D Parameter
CVSS 9.8
CVE-2025-41033 CRITICAL
appRain CMF 4.0.5 - SQL Injection via data%5BPage%5D%5Bname%5D Parameter
CVSS 9.8
CVE-2025-41032 CRITICAL
appRain CMF 4.0.5 - SQL Injection via Admin Username Parameter
CVSS 9.8
CVE-2025-9933 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via viewid Parameter
CVSS 7.3
CVE-2025-9932 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via /admin/update-image.php lid Parameter
CVSS 7.3
CVE-2025-9930 HIGH
1000projects Beauty Parlour Management System 1.0 - SQL Injection via mobnumber Parameter
CVSS 7.3
CVE-2025-9928 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via viewcategory.php t1 Parameter
CVSS 7.3
CVE-2025-9927 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /viewpackage.php t1 Parameter
CVSS 7.3
CVE-2025-57833 HIGH
Django 4.2-4.2.23, 5.1-5.1.11, 5.2-5.2.5 - SQL Injection via FilteredRelation Column Aliases
CVSS 7.1
CVE-2025-9926 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /viewsubcategory.php t1 Parameter
CVSS 7.3
CVE-2025-9925 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via detail.php pid Parameter
CVSS 7.3
CVE-2025-9924 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /enquiry.php t2 Parameter
CVSS 7.3
CVE-2025-9919 HIGH
1000projects Beauty Parlour Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-56435 MEDIUM
FoxCMS < 1.2.6 - SQL Injection via DataBackup.php id Parameter
CVSS 5.3
CVE-2025-58604 HIGH
WPFunnels Mail Mint <1.18.5 - SQL Injection
CVSS 7.6
CVE-2025-57149 MEDIUM
phpgurukul Complaint Management System 2.0 - SQL Injection via cid Parameter
CVSS 6.5
CVE-2025-57147 HIGH
phpgurukul Complaint Management System 2.0 - SQL Injection via User Registration Parameters
CVSS 7.5
CVE-2025-57146 HIGH
phpgurukul Complaint Management System 2.0 - SQL Injection via mobileno Parameter
CVSS 8.1
CVE-2025-9840 MEDIUM
itsourcecode Sports Management System 1.0 - SQL Injection via Gametype Code Parameter
CVSS 6.3
CVE-2025-9839 HIGH
itsourcecode Student Information Management System 1.0 - SQL Injection via ID Parameter in Course Module
CVSS 7.3
CVE-2025-9838 HIGH
itsourcecode Student Information Management System 1.0 - SQL Injection via ID Parameter in Subject Module
CVSS 7.3
CVE-2025-9837 HIGH
itsourcecode Student Information Management System 1.0 - SQL Injection via studentId Parameter
CVSS 7.3
CVE-2025-9833 HIGH
Online Farm Management System 1.0 - SQL Injection via Login uname Parameter
CVSS 7.3
CVE-2025-9832 HIGH
SourceCodester Food Ordering Management System 1.0 - SQL Injection via Register Router Phone Parameter
CVSS 7.3
CVE-2025-9831 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via sername Parameter in edit-services.php
CVSS 7.3