CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,580 vulnerabilities with CWE-89
CVE-2025-55168 CRITICAL
WeGIA < 3.4.8 - SQL Injection via id_fichamedica Parameter
CVSS 9.8
CVE-2025-53727 HIGH
SQL Server 2016-2022 Authenticated SQL Injection
CVSS 8.8
CVE-2025-49759 HIGH
SQL Server 2016-2022 Authenticated SQL Injection
CVSS 8.8
CVE-2025-47954 HIGH
SQL Server 2022 16.0.1000.6-16.0.1145.1 - Authenticated SQL Injection
CVSS 8.8
CVE-2025-55167 CRITICAL
WeGIA < 3.4.8 - SQL Injection via id_dependente Parameter
CVSS 9.8
CVE-2025-8296 HIGH
Ivanti Avalanche < 6.4.8.8008 - Authenticated SQL Injection
CVSS 7.2
CVE-2025-55156 HIGH
pyLoad <0.5.0b3.dev91 - SQL Injection
CVE-2025-8811 HIGH
code-projects Simple Art Gallery 1.0 - SQL Injection via fname Parameter in Admin Registration
CVSS 7.3
CVE-2025-8809 HIGH
Online Medicine Guide 1.0 - SQL Injection via /addelidetails.php del Parameter
CVSS 7.3
CVE-2025-8806 MEDIUM
zhilink ADP Application Developer Platform 1.0.0 - SQL Injection via extId Parameter
CVSS 6.3
CVE-2025-8773 HIGH
DahuaTech Monitoring Platform 1.0 - SQL Injection via userBean.loginName Parameter
CVSS 7.3
CVE-2025-8744 HIGH
CesiumLab Web < 4.0 - SQL Injection via ID Parameter in /lodmodels/
CVSS 7.3
CVE-2025-52914 HIGH
Mitel MiCollab 10.0-10.0.1.101 - Authenticated SQL Injection in Suite Applications Services
CVSS 8.8
CVE-2025-50928 MEDIUM
Easy Hosting Control Panel EHCP <v20.04.1.b - SQL Injection
CVSS 4.8
CVE-2025-50468 MEDIUM
OpenMetadata <=1.4.4 - SQL Injection
CVSS 6.5
CVE-2025-50467 MEDIUM
OpenMetadata <=1.4.4 - SQL Injection
CVSS 6.5
CVE-2025-50466 HIGH
OpenMetadata <=1.4.4 - SQL Injection
CVSS 7.1
CVE-2025-50465 HIGH
OpenMetadata <=1.4.4 - SQL Injection
CVSS 7.1
CVE-2025-8706 MEDIUM
Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 - SQL Injection via MM_MenID Parameter
CVSS 6.3
CVE-2025-8705 MEDIUM
Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 - SQL Injection via BP_ProID Parameter
CVSS 6.3
CVE-2025-8704 MEDIUM
Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 - SQL Injection via Analysis Conclusion Query Module
CVSS 6.3
CVE-2025-8703 MEDIUM
Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 - SQL Injection via energyId Parameter
CVSS 6.3
CVE-2025-8702 MEDIUM
Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 - SQL Injection via ObjectID Parameter
CVSS 6.3
CVE-2025-8701 MEDIUM
Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 - SQL Injection via optUser Parameter
CVSS 6.3
CVE-2025-54396 MEDIUM
Netwrix Directory Manager 11.0.0.0-11.1.25162.02 - Authenticated SQL Injection
CVSS 5.4