CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,576 vulnerabilities with CWE-89
CVE-2025-9025 MEDIUM
Simple Cafe Ordering System 1.0 - SQL Injection via /portal.php ID Parameter
CVSS 6.3
CVE-2025-9024 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Book Appointment Message Parameter
CVSS 7.3
CVE-2025-7662 MEDIUM
Gestion de tarifs plugin - WordPress <1.4 - SQL Injection
CVSS 6.5
CVE-2025-9022 HIGH
SourceCodester Online Bank Management System <= 1.0 - SQL Injection via Email Parameter in Statements
CVSS 7.3
CVE-2025-9021 HIGH
Online Bank Management System <= 1.0 - SQL Injection via Email Parameter in Transfer Endpoint
CVSS 7.3
CVE-2025-9013 HIGH
PHPGurukul Online Shopping Portal Project 2.0 - SQL Injection via Email Parameter in Password Recovery
CVSS 7.3
CVE-2025-9012 HIGH
PHPGurukul Online Shopping Portal Project 2.0 - SQL Injection via billingpincode Parameter
CVSS 7.3
CVE-2025-9011 HIGH
PHPGurukul Online Shopping Portal Project 2.0 - SQL Injection via signup.php emailid Parameter
CVSS 7.3
CVE-2025-9010 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Booking Report from_date Parameter
CVSS 7.3
CVE-2025-9009 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Name Parameter in Email Setup
CVSS 7.3
CVE-2025-9008 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via SMS Setting uname Parameter
CVSS 7.3
CVE-2025-9002 HIGH
Surbowl dormitory-management-php 1.0 - SQL Injection via login.php Account Parameter
CVSS 7.3
CVE-2025-8993 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Expense Report from_date Parameter
CVSS 7.3
CVE-2025-8990 HIGH
Online Medicine Guide 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2025-8989 HIGH
COVID 19 Testing Management System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 7.3
CVE-2025-8988 HIGH
SourceCodester COVID 19 Testing Management System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3
CVE-2025-8987 HIGH
SourceCodester COVID 19 Testing Management System 1.0 - SQL Injection via /test-details.php Remark Parameter
CVSS 7.3
CVE-2025-8986 HIGH
COVID 19 Testing Management System 1.0 - SQL Injection via Search Report Result Parameter
CVSS 7.3
CVE-2025-8985 HIGH
COVID 19 Testing Management System 1.0 - SQL Injection via Profile Mobile Number Parameter
CVSS 7.3
CVE-2025-8984 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via expense_name Parameter
CVSS 7.3
CVE-2025-8983 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via expense_for Parameter
CVSS 7.3
CVE-2025-8982 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via curr_code Parameter
CVSS 7.3
CVE-2025-8981 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via payment_type Parameter
CVSS 7.3
CVE-2025-55708 HIGH
ExpressTech Systems Quiz And Survey Master <10.2.4 - SQL Injection
CVSS 8.5
CVE-2025-8973 HIGH
SourceCodester Cashier Queuing System 1.0 - SQL Injection via Username Parameter in Actions.php
CVSS 7.3