Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,612 vulnerabilities with CWE-89

CVE-2025-28983 CRITICAL

Click&pledge Connect <WP6.8 - SQL Injection

CVE-2025-24780 HIGH

Printcart Web to Print Product Designer for WooCommerce <2.4.0 - SQ...

CVE-2025-30979 HIGH

gopiplus Pixelating image slideshow gallery <8.0 - SQL Injection

CVE-2025-30969 HIGH

gopiplus iFrame Images Gallery <9.0 - SQL Injection

CVE-2025-30947 HIGH

gopiplus Cool fade popup <10.1 - SQL Injection

CVE-2025-28969 HIGH

cybio Gallery Widget <1.2.1 - SQL Injection

CVE-2025-28967 HIGH

Contact people LITE <3.7.4 - SQL Injection

CVE-2025-6783 HIGH

GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via forms-id Parameter

CVE-2025-6782 HIGH

GoZen Forms < 1.1.5 - Unauthenticated SQL Injection via forms-id Parameter

CVE-2025-6739 MEDIUM

WPQuiz < 0.4.2 - Authenticated SQL Injection via Shortcode ID Parameter

CVE-2025-45809 MEDIUM

litellm < 1.81.0 - SQL Injection via Key Parameter

CVE-2025-1708 HIGH

endress meac300-fnade4_firmware < 0.16.0 - SQL Injection

CVE-2025-6437 HIGH

Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid Parameter

CVE-2025-5339 HIGH

Ads Pro Plugin <= 4.89 - Unauthenticated Time-Based SQL Injection via bsa_pro_id

CVE-2025-4381 HIGH

Ads Pro Plugin <= 4.89 - Unauthenticated SQL Injection via getSpace()

CVE-2025-6963 HIGH

Campcodes Employee Management System 1.0 - SQL Injection via myprofile.php ID Parameter

CVE-2025-6962 HIGH

Campcodes Employee Management System 1.0 - SQL Injection via /myprofileup.php ID Parameter

CVE-2025-6961 HIGH

Campcodes Employee Management System 1.0 - SQL Injection via /mark.php ID Parameter

CVE-2025-6960 HIGH

Campcodes Employee Management System 1.0 - SQL Injection via ID Parameter in /empproject.php

CVE-2025-6959 HIGH

Campcodes Employee Management System 1.0 - SQL Injection via ID Parameter in eloginwel.php

CVE-2025-6958 HIGH

Campcodes Employee Management System 1.0 - SQL Injection via /edit.php ID Parameter

CVE-2025-6957 HIGH

Campcodes Employee Management System 1.0 - SQL Injection via mailuid Parameter

CVE-2025-34059 HIGH

Dahua Smart Cloud Gateway Registration Management Platform - SQL In...

CVE-2025-6956 HIGH

Campcodes Employee Management System 1.0 - SQL Injection via /changepassemp.php ID Parameter

CVE-2025-6955 HIGH

Campcodes Employee Management System 1.0 - SQL Injection via mailuid Parameter in aprocess.php

Previous Page 145 of 785 Next

Details

Vulnerabilities 19,612

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy