Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,581 vulnerabilities with CWE-89

CVE-2025-8157 MEDIUM

PHPGurukul User Registration & Login and User Management 3.3 - SQL Injection via ID Parameter

CVE-2025-8156 MEDIUM

PHPGurukul User Registration & Login and User Management 3.3 - SQL Injection via ID Parameter

CVE-2025-8135 MEDIUM

itsourcecode Insurance Management System 1.0 - SQL Injection via agent_id Parameter

CVE-2025-8134 MEDIUM

PHPGurukul BP Monitoring Management System 1.0 - SQL Injection via fromdate/todate Parameters

CVE-2025-8127 MEDIUM

deer-wms-2 < 3.3 - SQL Injection via params[dataScope]

CVE-2025-8126 MEDIUM

deer-wms-2 < 3.3 - SQL Injection via params[dataScope]

CVE-2025-8125 MEDIUM

deer-wms-2 < 3.3 - SQL Injection via params[dataScope]

CVE-2025-8124 MEDIUM

deer-wms-2 < 3.3 - SQL Injection via params[dataScope]

CVE-2025-54379 CRITICAL

LF Edge eKuiper < 2.2.1 - Unauthenticated SQL Injection via getLast API Table Name Parameter

CVE-2025-32429 CRITICAL

XWiki Platform - SQL Injection

CVE-2025-8123 MEDIUM

deer-wms-2 < 3.3 - SQL Injection via /system/dept/edit Ancestors Parameter

CVE-2025-4784 CRITICAL

Moderec Tourtella < 26.05.2025 - SQL Injection

CVE-2025-4822 CRITICAL

ScadaWatt Otopilot <27.05.2025 - SQL Injection

CVE-2025-54294 CRITICAL

Komento 4.0.0-4.0.7 - SQL Injection

CVE-2025-50127 HIGH

DJ-Flyer component for Joomla 1.0-3.2 - Authenticated SQL Injection

CVE-2025-43022 HIGH

Poly Clariti Manager <10.12.1 - SQL Injection

CVE-2025-51458 MEDIUM

DB-GPT 0.7.0 - SQL Injection via /v1/editor/sql/run or /v1/editor/chart/run Endpoints

CVE-2025-8018 MEDIUM

Food Ordering Review System 1.0 - SQL Injection via reg_Id Parameter

CVE-2025-4285 CRITICAL

Rolantis Information Technologies Agentis <4.32 - SQL Injection

CVE-2025-7950 HIGH

code-projects Public Chat Room 1.0 - SQL Injection

CVE-2025-7936 MEDIUM

fuyang_lipengjun platform - SQL Injection via ScheduleJobLogController queryPage

CVE-2025-7935 MEDIUM

fuyang_lipengjun platform < 2025-06-29 - SQL Injection via SysLogController Key Argument

CVE-2025-7934 MEDIUM

fuyang_lipengjun platform - SQL Injection via ScheduleJobController beanName Parameter

CVE-2025-7933 HIGH

Campcodes Sales & Inventory System 1.0 - SQL Injection

CVE-2025-7930 HIGH

Church Donation System 1.0 - SQL Injection

Previous Page 132 of 784 Next

Details

Vulnerabilities 19,581

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy