Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,580 vulnerabilities with CWE-89

CVE-2025-8373 HIGH

code-projects Vehicle Management 1.0 - SQL Injection via /print.php sno Parameter

CVE-2025-8372 HIGH

code-projects Exam Form Submission 1.0 - SQL Injection via /admin/update_s7.php credits Parameter

CVE-2025-8371 HIGH

code-projects Exam Form Submission 1.0 - SQL Injection via /admin/update_s5.php credits Parameter

CVE-2025-8347 MEDIUM

Kehua Charging Pile Cloud Platform 1.0 - SQL Injection via /sys/task/findAllTask

CVE-2025-8345 MEDIUM

Lingdang CRM < 8.6.5.2 - SQL Injection via yunzhijiaApi.php delete_user Function

CVE-2025-8339 HIGH

Intern Membership Management System 1.0 - SQL Injection via User Name or Password Parameter

CVE-2025-8338 HIGH

projectworlds Online Admission System 1.0 - SQL Injection via /adminac.php ID Parameter

CVE-2025-8336 HIGH

Campcodes Online Recruitment Management System 1.0 - SQL Injection via ID Parameter in /admin/ajax.php

CVE-2025-8334 HIGH

Campcodes Online Recruitment Management System 1.0 - SQL Injection via ID Parameter in /admin/ajax.php

CVE-2025-8333 HIGH

Online Farm System 1.0 - SQL Injection via /categoryvalue.php Value Parameter

CVE-2025-8332 HIGH

Online Farm System 1.0 - SQL Injection via Username Parameter in Register Endpoint

CVE-2025-8331 HIGH

Online Farm System 1.0 - SQL Injection via Forgot Password Email Parameter

CVE-2025-8330 HIGH

code-projects Vehicle Management 1.0 - SQL Injection via /edit1.php sno Parameter

CVE-2025-8329 HIGH

code-projects Vehicle Management 1.0 - SQL Injection via company Parameter in filter3.php

CVE-2025-8328 HIGH

code-projects Exam Form Submission 1.0 - SQL Injection via USN Parameter

CVE-2025-8327 HIGH

code-projects Exam Form Submission 1.0 - SQL Injection via /admin/delete_s8.php ID Parameter

CVE-2025-8326 HIGH

code-projects Exam Form Submission 1.0 - SQL Injection via /admin/delete_s7.php ID Parameter

CVE-2025-6348 MEDIUM

Smart Slider 3 <3.5.1.28 - SQL Injection

CVE-2025-45346 HIGH

Bacula-web < 9.7.1 - SQL Injection via HTTP GET Request

CVE-2025-51045 MEDIUM

Phpgurukul Pre-School Enrollment System 1.0 - SQL Injection

CVE-2025-51044 MEDIUM

phpgurukul NiV <1.0 - SQL Injection

CVE-2025-2928 HIGH

Genetec Security Center 5.9.0.0-5.9.5.8, 5.10.0.0-5.10.4.27, 5.11.0.0-5.11.3.18, 5.12.0.0-5.12.2.5 - SQL Injection

CVE-2025-51970 HIGH

PuneethReddyHC Online Shopping System Advanced 1.0 - SQL Injection via action.php keyword Parameter

CVE-2025-40682 CRITICAL

Human Resource Management System 1.0 - SQL Injection via City and State Parameters

CVE-2025-8264 CRITICAL

z-push-dev < 2.7.6 - SQL Injection via IMAP Username Field

Previous Page 129 of 784 Next

Details

Vulnerabilities 19,580

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy