CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,599 vulnerabilities with CWE-89
CVE-2025-7178 HIGH
code-projects Food Distributor Site 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-7177 MEDIUM
PHPGurukul Car Washing Management System 1.0 - SQL Injection via wpid Parameter
CVSS 4.7
CVE-2025-7176 HIGH
PHPGurukul Hospital Management System 1.0 - SQL Injection via viewid Parameter in view-medhistory.php
CVSS 7.3
CVE-2025-40717 CRITICAL
Quiter Gateway < 4.7.0 - SQL Injection via pagina.filter.categoria Parameter
CVSS 9.8
CVE-2025-40716 CRITICAL
Quiter Gateway < 4.7.0 - SQL Injection via suceso.contenido Parameter
CVSS 9.8
CVE-2025-40715 CRITICAL
Quiter Gateway < 4.7.0 - SQL Injection via QISClient API Message Field
CVSS 9.8
CVE-2025-40714 CRITICAL
Quiter Gateway < 4.7.0 - SQL Injection via id_factura Parameter
CVSS 9.8
CVE-2025-40713 CRITICAL
Quiter Gateway < 4.7.0 - SQL Injection via Campo Parameter
CVSS 9.8
CVE-2025-40712 CRITICAL
Quiter Gateway < 4.7.0 - SQL Injection via id_concesion Parameter
CVSS 9.8
CVE-2025-40711 CRITICAL
Quiter Gateway < 4.7.0 - SQL Injection via id_concesion Parameter
CVSS 9.8
CVE-2025-7174 HIGH
code-projects Library System 1.0 - SQL Injection via /teacher-issue-book.php idn Parameter
CVSS 7.3
CVE-2025-40735 HIGH
SINEC NMS < 4.0 - Unauthenticated SQL Injection
CVSS 8.8
CVE-2025-7173 HIGH
code-projects Library System 1.0 - SQL Injection via Username Parameter in /add-student.php
CVSS 7.3
CVE-2025-7172 HIGH
code-projects Crime Reporting System 1.0 - SQL Injection via email Parameter in /headlogin.php
CVSS 7.3
CVE-2025-7171 HIGH
code-projects Crime Reporting System 1.0 - SQL Injection via /policelogin.php Email Parameter
CVSS 7.3
CVE-2025-7170 HIGH
code-projects Crime Reporting System 1.0 - SQL Injection via Name Parameter in registration.php
CVSS 7.3
CVE-2025-7169 HIGH
code-projects Crime Reporting System 1.0 - SQL Injection via location Parameter in complainer_page.php
CVSS 7.3
CVE-2025-7168 HIGH
code-projects Crime Reporting System 1.0 - SQL Injection via Userlogin Email Parameter
CVSS 7.3
CVE-2025-7167 MEDIUM
Responsive Blog Site 1.0 - SQL Injection via Category.php ID Parameter
CVSS 6.3
CVE-2025-7166 MEDIUM
Responsive Blog Site 1.0 - SQL Injection via ID Parameter in single.php
CVSS 6.3
CVE-2025-7165 HIGH
PHPGurukul Cyber Cafe Management System 1.0 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2025-7164 HIGH
PHPGurukul Cyber Cafe Management System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-7163 MEDIUM
PHPGurukul Zoo Management System 2.1 - SQL Injection via cnum Parameter in add-animals.php
CVSS 6.3
CVE-2025-7162 MEDIUM
PHPGurukul Zoo Management System 2.1 - SQL Injection via cprice Parameter
CVSS 6.3
CVE-2025-7161 MEDIUM
PHPGurukul Zoo Management System 2.1 - SQL Injection via cprice Parameter
CVSS 6.3