CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
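The following added example (not from the CWE entry or any of the listed products) shows the weakness in a few lines of Python against an in-memory SQLite table: a query built by string concatenation, the same query with the value bound as a parameter, and the sort-column case that several entries below report ('orderby', 'order_by' and 'direction' parameters), where binding is not possible and an allowlist is required instead. Table, rows and function names are constructed for the demonstration.

```python
import sqlite3

# Constructed sample schema and rows (assumption, not from the page).
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users (id INTEGER, name TEXT, role TEXT);"
        "INSERT INTO users VALUES (1, 'alice', 'admin'), (2, 'bob', 'user');"
    )
    return db

def find_user_vulnerable(db, name):
    # CWE-89: the caller-supplied value is spliced into the SQL text, so a
    # quote character in `name` ends the literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_user_fixed(db, name):
    # The value travels as a bound parameter: the statement text is fixed and
    # whatever `name` contains is compared as data, never parsed as SQL.
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

# Identifiers (column names, sort direction) cannot be bound as parameters,
# so the only safe option is to map the input onto a fixed allowlist.
ALLOWED_ORDER_COLUMNS = {"id", "name", "role"}

def list_users_fixed(db, orderby, direction):
    if orderby not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("orderby is not an allowed column")
    # Anything other than the exact token DESC falls back to ASC.
    direction = "DESC" if direction.upper() == "DESC" else "ASC"
    # Only allowlisted tokens reach the statement text at this point.
    sql = f"SELECT name FROM users ORDER BY {orderby} {direction}"
    return [row[0] for row in db.execute(sql)]
```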

19,406 vulnerabilities with CWE-89
CVE-2026-44923 MEDIUM (CVSS 6.5): InfoScale VIOM < 9.1.3 - SQL Injection
CVE-2026-42383 HIGH (CVSS 7.6): WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability
CVE-2026-9065 CRITICAL: Surecart - SQL Injection
CVE-2026-9059 CRITICAL: NextGEN Gallery - SQL Injection
CVE-2026-9010 HIGH (CVSS 7.5): Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters
CVE-2026-9003 HIGH (CVSS 7.5): TONNET|E-LAN Hybrid Recording System - SQL Injection
CVE-2026-8685 MEDIUM (CVSS 6.5): Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter
CVE-2026-7472 MEDIUM (CVSS 4.9): Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter
CVE-2026-3985 HIGH (CVSS 7.5): Creative Mail – Easier WordPress & WooCommerce Email Marketing <= 1.6.9 - Unauthenticated SQL Injection via 'checkout_uuid' Parameter
CVE-2026-31069 HIGH (CVSS 8.8): BillaBear - Authenticated SQL Injection via EventRepository Metric Filter Identifiers
CVE-2026-8912 HIGH (CVSS 7.5): Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection
CVE-2026-8827 HIGH: SQL Injection in extension "Address List" (tt_address)
CVE-2026-8726 HIGH: SQL Injection in extension "News system" (news)
CVE-2026-8851 HIGH (CVSS 8.1): SOGo 5.12.7 SQL Injection via addUserInAcls endpoint
CVE-2026-6379 HIGH (CVSS 8.6): WP Photo Album Plus < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter
CVE-2026-8785 HIGH (CVSS 7.3): projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection
CVE-2026-8772 MEDIUM (CVSS 4.7): linlinjava litemall Admin Endpoint sql injection
CVE-2026-8771 HIGH (CVSS 7.3): linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection
CVE-2026-8734 HIGH (CVSS 7.3): Oinone Pamirs queryListByWrapper RSQLToSQLNodeConnector.makeVariable sql injection
CVE-2026-8724 MEDIUM (CVSS 4.7): Dataease Data Dashboard SqlparserUtils.java SqlparserUtils.transFilter sql injection
CVE-2026-46364 CRITICAL (CVSS 9.8): phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha
CVE-2026-46359 HIGH (CVSS 7.5): phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields
CVE-2026-45800 HIGH: Vvveb: Authenticated SQL injection in /user/orders via order_by and direction
CVE-2026-7046 MEDIUM (CVSS 4.9): NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.12 - Authenticated (Administrator+) SQL Injection via 'table' Parameter
CVE-2026-42847 HIGH: ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')