CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,572 vulnerabilities with CWE-89
CVE-2025-9830 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via sids[] Parameter
CVSS 7.3
CVE-2025-9829 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Mobilenumber Parameter
CVSS 7.3
CVE-2025-55476 MEDIUM
FireShare FileShare 1.2.25 - SQL Injection
CVSS 6.5
CVE-2025-50565 MEDIUM
Doubo ERP 1.0 - SQL Injection
CVSS 6.5
CVE-2025-55472 MEDIUM
Tirreno 0.9.5 - SQL Injection via /admin/loadUsers columns[0][data] Parameter
CVSS 6.5
CVE-2025-57140 CRITICAL
ruisibi 4.7 - SQL Injection via DatasetService Path
CVSS 9.8
CVE-2025-9814 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via mobnumber Parameter
CVSS 7.3
CVE-2025-9811 HIGH
Campcodes Farm Management System 1.0 - SQL Injection via Rating Parameter
CVSS 7.3
CVE-2025-9802 MEDIUM
RemoteClinic 2.0 - SQL Injection via ID Parameter in /staff/profile.php
CVSS 4.7
CVE-2025-9794 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via cash/firstname Parameter
CVSS 7.3
CVE-2025-9793 HIGH
Apartment Management System 1.0 - SQL Injection via ddlBranch Parameter
CVSS 7.3
CVE-2025-9792 HIGH
itsourcecode Apartment Management System 1.0 - SQL Injection via mid Parameter in e_all_info.php
CVSS 7.3
CVE-2025-9790 HIGH
SourceCodester Hotel Reservation System 1.0 - SQL Injection via updateabout.php Address Parameter
CVSS 7.3
CVE-2025-9789 HIGH
Online Hotel Reservation System 1.0 - SQL Injection via edituser.php userid Parameter
CVSS 7.3
CVE-2025-9788 HIGH
Campcodes School Log Management System 1.0 - SQL Injection via admin_class.php id_no Parameter
CVSS 7.3
CVE-2025-9786 HIGH
Campcodes Online Learning Management System 1.0 - SQL Injection via Teacher Signup Firstname Parameter
CVSS 7.3
CVE-2025-9771 HIGH
Eye Clinic Management System 1.0 - SQL Injection via Search Parameter in search_index_Diagnosis.php
CVSS 7.3
CVE-2025-9770 HIGH
Campcodes Hospital Management System 1.0 - SQL Injection via Admin Dashboard Login Password Parameter
CVSS 7.3
CVE-2025-9768 MEDIUM
Sports Management System 1.0 - SQL Injection via Admin/mode.php Code Parameter
CVSS 6.3
CVE-2025-9767 HIGH
Sports Management System 1.0 - SQL Injection via Admin/sporttype.php Code Parameter
CVSS 7.3
CVE-2025-9766 HIGH
Sports Management System 1.0 - SQL Injection via Facilitator Code Parameter
CVSS 7.3
CVE-2025-9765 HIGH
Sports Management System 1.0 - SQL Injection via /Admin/tournament_details.php ID Parameter
CVSS 7.3
CVE-2025-9764 HIGH
Sports Management System 1.0 - SQL Injection via ID Parameter in resultdetails.php
CVSS 7.3
CVE-2025-9763 HIGH
Campcodes Online Learning Management System 1.0 - SQL Injection via Username Parameter in Student Signup
CVSS 7.3
CVE-2025-9761 HIGH
Campcodes Online Feeds Product Inventory System 1.0 - SQL Injection via Username Parameter in Login Component
CVSS 7.3