CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,576 vulnerabilities with CWE-89
CVE-2025-8951 HIGH
PHPGurukul Teachers Record Management System 2.1 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-8950 HIGH
Campcodes Online Recruitment Management System 1.0 - SQL Injection via ID Parameter
CVSS 7.3
CVE-2025-8948 HIGH
projectworlds Visitor Management System 1.0 - SQL Injection via rid Parameter in front.php
CVSS 7.3
CVE-2025-8947 HIGH
projectworlds Visitor Management System 1.0 - SQL Injection via dateF/dateP Parameter
CVSS 7.3
CVE-2025-8946 HIGH
projectworlds Online Notes Sharing Platform 1.0 - SQL Injection via User Parameter in login.php
CVSS 7.3
CVE-2025-8936 HIGH
1000 Projects Sales Management System 1.0 - SQL Injection via select2 Parameter in dordupdate.php
CVSS 7.3
CVE-2025-8935 HIGH
1000 Projects Sales Management System 1.0 - SQL Injection via Username Parameter in custcmp.php
CVSS 7.3
CVE-2025-8932 HIGH
1000projects Sales Management System 1.0 - SQL Injection via ssalescat Parameter
CVSS 7.3
CVE-2025-8931 MEDIUM
Medical Store Management System 1.0 - SQL Injection via ChangePassword.java newPassTxt Parameter
CVSS 6.3
CVE-2025-8930 MEDIUM
Medical Store Management System 1.0 - SQL Injection via Update Company Page companyNameTxt Parameter
CVSS 6.3
CVE-2025-8929 MEDIUM
Medical Store Management System 1.0 - SQL Injection via MainPanel.java searchTxt Argument
CVSS 6.3
CVE-2025-8928 MEDIUM
Medical Store Management System 1.0 - SQL Injection via UpdateMedicines.java productNameTxt Parameter
CVSS 6.3
CVE-2025-8926 HIGH
SourceCodester COVID 19 Testing Management System 1.0 - SQL Injection via Username Parameter in login.php
CVSS 7.3
CVE-2025-8925 HIGH
itsourcecode Sports Management System 1.0 - SQL Injection via /Admin/match.php Code Parameter
CVSS 7.3
CVE-2025-8924 HIGH
Campcodes Online Water Billing System 1.0 - SQL Injection via /viewbill.php ID Parameter
CVSS 7.3
CVE-2025-8923 HIGH
Job Diary 1.0 - SQL Injection via ID Parameter in edit-details.php
CVSS 7.3
CVE-2025-8922 HIGH
Job Diary 1.0 - SQL Injection via /admin-inbox.php ID Parameter
CVSS 7.3
CVE-2025-8921 HIGH
Job Diary 1.0 - SQL Injection via job_title Parameter in /user-apply.php
CVSS 7.3
CVE-2025-8908 MEDIUM
Lingdang CRM < 8.6.5.4 - SQL Injection via openid Parameter in event.php
CVSS 6.3
CVE-2025-8914 MEDIUM
WellChoose Organization Portal System < IFTOP_P3_2_1_197 - Unauthenticated SQL Injection
CVSS 6.5
CVE-2025-6184 HIGH
Tutor LMS Pro - WordPress < 3.7.0 - SQL Injection
CVSS 8.8
CVE-2025-55168 CRITICAL
WeGIA < 3.4.8 - SQL Injection via id_fichamedica Parameter
CVSS 9.8
CVE-2025-53727 HIGH
SQL Server 2016-2022 Authenticated SQL Injection
CVSS 8.8
CVE-2025-49759 HIGH
SQL Server 2016-2022 Authenticated SQL Injection
CVSS 8.8
CVE-2025-47954 HIGH
SQL Server 2022 16.0.1000.6-16.0.1145.1 - Authenticated SQL Injection
CVSS 8.8