CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,599 vulnerabilities with CWE-89
CVE-2025-7160 HIGH
PHPGurukul Zoo Management System 2.1 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-7159 MEDIUM
PHPGurukul Zoo Management System 2.1 - SQL Injection via /admin/manage-animals.php ID Parameter
CVSS 6.3
CVE-2025-7158 MEDIUM
PHPGurukul Zoo Management System 2.1 - SQL Injection via ID Parameter in manage-normal-ticket.php
CVSS 6.3
CVE-2025-7157 HIGH
Online Note Sharing 1.0 - SQL Injection via Login Username/Password Parameter
CVSS 7.3
CVE-2025-7156 MEDIUM
hitsz-ids airda 0.0.3 - SQL Injection
CVSS 6.3
CVE-2025-7155 HIGH
PHPGurukul Online Notes Sharing System 1.0 - SQL Injection via Session ID Cookie
CVSS 7.3
CVE-2025-7150 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via ID Parameter in voters_delete.php
CVSS 6.3
CVE-2025-7149 MEDIUM
Campcodes Advanced Online Voting System 1.0 - SQL Injection via ID Parameter in candidates_delete.php
CVSS 6.3
CVE-2025-7147 HIGH
CodeAstro Patient Record Management System 1.0 - SQL Injection via /login.php uname Parameter
CVSS 7.3
CVE-2025-7138 MEDIUM
Best Salon Management System 1.0 - SQL Injection via adminname Parameter
CVSS 6.3
CVE-2025-7137 MEDIUM
Best Salon Management System 1.0 - SQL Injection via staff_id Parameter
CVSS 6.3
CVE-2025-7136 HIGH
Campcodes Online Recruitment Management System 1.0 - SQL Injection via ID Parameter in View Vacancy
CVSS 7.3
CVE-2025-53529 CRITICAL
WeGIA < 3.4.3 - Unauthenticated SQL Injection via id_funcionario Parameter
CVSS 9.8
CVE-2025-53527 CRITICAL
WeGIA - Time-Based Blind SQL Injection via almox Parameter
CVSS 9.8
CVE-2025-7135 HIGH
Campcodes Online Recruitment Management System 1.0 - SQL Injection via ID Parameter in save_vacancy Action
CVSS 7.3
CVE-2025-7134 HIGH
Campcodes Online Recruitment Management System 1.0 - SQL Injection via ID Parameter in Delete Application
CVSS 7.3
CVE-2025-45065 CRITICAL
Employee Record Management System in PHP and MySQL v1 - SQL Injection via loginerms.php Endpoint
CVSS 9.8
CVE-2025-7132 HIGH
Campcodes Payroll Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-7131 HIGH
Campcodes Payroll Management System 1.0 - SQL Injection via employee_id Parameter in save_employee_attendance
CVSS 7.3
CVE-2025-7130 HIGH
Campcodes Payroll Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-7129 HIGH
Campcodes Payroll Management System 1.0 - SQL Injection via ID Parameter in delete_employee_attendance_single
CVSS 7.3
CVE-2025-7128 HIGH
Campcodes Payroll Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-7127 MEDIUM
Employee Management System <= 1.0 - SQL Injection via currentpassword Parameter
CVSS 4.7
CVE-2025-7126 MEDIUM
Employee Management System <= 1.0 - SQL Injection via AdminName Parameter
CVSS 6.3
CVE-2025-7125 MEDIUM
Employee Management System <= 1.0 - SQL Injection via coursepg Parameter
CVSS 6.3