CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,576 vulnerabilities with CWE-89
CVE-2025-54048 CRITICAL
miniOrange Custom API for WP <4.2.2 - SQL Injection
CVSS 9.3
CVE-2025-49891 HIGH
Riotweb <2.6.2 - XSS
CVSS 8.5
CVE-2025-9156 HIGH
itsourcecode Sports Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-9155 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Email Parameter in Forget Password
CVSS 7.3
CVE-2025-50926 MEDIUM
Easy Hosting Control Panel 20.04.1.b - SQL Injection via List All Email Addresses id Parameter
CVSS 6.5
CVE-2025-9154 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Email Parameter
CVSS 7.3
CVE-2025-9150 HIGH
Surbowl dormitory-management-php <9f1d9d1f528cabffc66fda3652c56ff32...
CVSS 7.3
CVE-2025-9148 MEDIUM
CodePhiliaX Chat2DB <0.3.7 - SQL Injection
CVSS 6.3
CVE-2025-51506 MEDIUM
HRForecast Suite 0.4.3 - Authenticated SQL Injection via valueKey Parameter
CVSS 6.5
CVE-2025-51510 MEDIUM
moonshine < 2.0.2 - SQL Injection via Blog Categories Page
CVSS 4.9
CVE-2025-9140 MEDIUM
Lingdang CRM < 8.6.5.4 - SQL Injection via getvaluestring Parameter
CVSS 6.3
CVE-2025-50567 CRITICAL
Saurus CMS CE 4.7.1 - SQL Injection
CVSS 10.0
CVE-2025-7670 HIGH
JS Archive List plugin <6.1.5 - SQL Injection
CVSS 7.5
CVE-2025-52618 MEDIUM
HCL BigFix SaaS < 8.1.14 - SQL Injection
CVSS 4.3
CVE-2025-49897 HIGH
gopiplus Vertical scroll slideshow gallery <9.1 - SQL Injection
CVSS 8.8
CVE-2025-9053 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /updatesubcategory.php t1/s1 Parameter
CVSS 7.3
CVE-2025-9052 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /updatepackage.php s1 Parameter
CVSS 7.3
CVE-2025-9051 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /updatecategory.php t1 Parameter
CVSS 7.3
CVE-2025-9050 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /addcategory.php t1 Parameter
CVSS 7.3
CVE-2025-54475 HIGH
JS Jobs component for Joomla 1.3.2-1.4.4 - Authenticated SQL Injection
CVE-2025-54474 HIGH
DJ-Classifieds 3.9.2-3.10.1 - SQL Injection
CVE-2025-1929 HIGH
Reel Sektör Hazine ve Risk Yönetimi Yazılımı <1.0.0.4 - SQL Injection
CVSS 7.2
CVE-2025-9047 HIGH
projectworlds Visitor Management System 1.0 - SQL Injection via rid Parameter in visitor_out.php
CVSS 7.3
CVE-2025-9028 HIGH
Online Medicine Guide 1.0 - SQL Injection via phuname Parameter
CVSS 7.3
CVE-2025-9027 HIGH
Online Medicine Guide 1.0 - SQL Injection via deName Parameter in addelivery.php
CVSS 7.3
Details
Vulnerabilities 19,576
Exploit Likelihood High