CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,580 vulnerabilities with CWE-89
CVE-2025-52327 HIGH
Restaurant Order System 1.0 - SQL Injection via payment.php
CVSS 7.8
CVE-2025-41375 CRITICAL
LimeSurvey 2.65.1+170522 - SQL Injection via Token Parameter
CVSS 9.8
CVE-2025-41374 HIGH
Gandia Integra Total 2.1.2217.3-4.4.2236.1 - Authenticated SQL Injection via idestudio Parameter
CVSS 8.8
CVE-2025-41373 HIGH
Gandia Integra Total 2.1.2217.3-4.4.2236.1 - Authenticated SQL Injection via idestudio Parameter
CVSS 8.8
CVE-2025-41372 HIGH
Gandia Integra Total 2.1.2217.3-4.4.2236.1 - Authenticated SQL Injection via idestudio Parameter
CVSS 8.8
CVE-2025-41371 HIGH
Gandia Integra Total 2.1.2217.3-4.4.2236.1 - Authenticated SQL Injection via idestudio Parameter
CVSS 8.8
CVE-2025-41370 HIGH
Gandia Integra Total 2.1.2217.3-4.4.2236.1 - Authenticated SQL Injection via idestudio Parameter
CVSS 8.8
CVE-2025-8443 HIGH
Online Medicine Guide 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2025-8442 HIGH
Online Medicine Guide 1.0 - SQL Injection via /cussignup.php uname Parameter
CVSS 7.3
CVE-2025-8441 HIGH
Online Medicine Guide 1.0 - SQL Injection via phuname Parameter in pharsignup.php
CVSS 7.3
CVE-2025-8439 HIGH
Wazifa System 1.0 - SQL Injection via Password Parameter in updatesettings.php
CVSS 7.3
CVE-2025-8438 HIGH
code-projects Wazifa System 1.0 - SQL Injection via Post Parameter
CVSS 7.3
CVE-2025-8437 HIGH
Kitchen Treasure 1.0 - SQL Injection via Email Parameter in User Registration
CVSS 7.3
CVE-2025-8436 HIGH
projectworlds Online Admission System 1.0 - SQL Injection via /viewdoc.php ID Parameter
CVSS 7.3
CVE-2025-8431 HIGH
PHPGurukul Boat Booking System 1.0 - SQL Injection via boatname Parameter
CVSS 7.3
CVE-2025-8409 HIGH
code-projects Vehicle Management 1.0 - SQL Injection via /filter.php from Parameter
CVSS 7.3
CVE-2025-50867 MEDIUM
CloudClassroom-PHP-Project 1.0 - SQL Injection
CVSS 6.5
CVE-2025-8408 HIGH
code-projects Vehicle Management 1.0 - SQL Injection via filter1.php Vehicle Parameter
CVSS 7.3
CVE-2025-8407 HIGH
code-projects Vehicle Management 1.0 - SQL Injection via filter2.php from Parameter
CVSS 7.3
CVE-2025-8382 MEDIUM
Campcodes Online Hotel Reservation System 1.0 - SQL Injection via /admin/edit_room.php room_id Parameter
CVSS 6.3
CVE-2025-8381 MEDIUM
Campcodes Online Hotel Reservation System 1.0 - SQL Injection via room_id Parameter
CVSS 6.3
CVE-2025-8378 HIGH
Campcodes Online Hotel Reservation System 1.0 - SQL Injection via Login Component
CVSS 7.3
CVE-2025-8376 HIGH
code-projects Vehicle Management 1.0 - SQL Injection via /updatebal.php company Parameter
CVSS 7.3
CVE-2025-8375 HIGH
code-projects Vehicle Management 1.0 - SQL Injection via /addvehicle.php Vehicle Parameter
CVSS 7.3
CVE-2025-8374 HIGH
code-projects Vehicle Management 1.0 - SQL Injection via company Parameter in addcompany.php
CVSS 7.3
Details
Vulnerabilities 19,580
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits