CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,612 vulnerabilities with CWE-89
CVE-2025-6954
HIGH
Campcodes Employee Management System 1.0 - SQL Injection via /applyleave.php ID Parameter
CVSS 7.3
CVE-2025-6938
HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via /editcus.php ID Parameter
CVSS 7.3
CVE-2025-6937
HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via ID Parameter in large.php
CVSS 7.3
CVE-2025-6936
HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via /addpro.php ID Parameter
CVSS 7.3
CVE-2025-6935
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Payment Add Page CID Parameter
CVSS 7.3
CVE-2025-6930
MEDIUM
PHPGurukul Zoo Management System 2.1 - SQL Injection via ID Parameter in manage-foreigners-ticket.php
CVSS 6.3
CVE-2025-6929
MEDIUM
PHPGurukul Zoo Management System 2.1 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-6917
HIGH
Online Hotel Booking 1.0 - SQL Injection via uname Parameter
CVSS 7.3
CVE-2025-6915
MEDIUM
PHPGurukul Student Record System 3.2 - SQL Injection via /register.php Session Parameter
CVSS 6.3
CVE-2025-52895
HIGH
frappe < 14.94.3 - SQL Injection via Specially Crafted Request
CVSS 7.5
CVE-2025-6914
MEDIUM
PHPGurukul Student Record System 3.2 - SQL Injection via fmarks2 Parameter
CVSS 6.3
CVE-2025-6913
MEDIUM
PHPGurukul Student Record System 3.2 - SQL Injection via aemailid Parameter
CVSS 6.3
CVE-2025-6912
MEDIUM
PHPGurukul Student Record System 3.2 - SQL Injection via manage-students.php del Parameter
CVSS 6.3
CVE-2025-6911
MEDIUM
PHPGurukul Student Record System 3.2 - SQL Injection via manage-subjects.php del Parameter
CVSS 6.3
CVE-2025-6910
MEDIUM
PHPGurukul Student Record System 3.2 - SQL Injection via Session Parameter
CVSS 6.3
CVE-2025-6909
MEDIUM
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via emeradd Parameter
CVSS 6.3
CVE-2025-6908
MEDIUM
PHPGurukul Old Age Home Management System 1.0 - SQL Injection via sertitle Parameter
CVSS 6.3
CVE-2025-6907
HIGH
Car Rental System 1.0 - SQL Injection via fname Parameter in book_car.php
CVSS 7.3
CVE-2025-6906
HIGH
Car Rental System 1.0 - SQL Injection via /login.php uname Parameter
CVSS 7.3
CVE-2025-6905
HIGH
Car Rental System 1.0 - SQL Injection via Signup Page Fname Parameter
CVSS 7.3
CVE-2025-6904
HIGH
Car Rental System 1.0 - SQL Injection via car_name Parameter
CVSS 7.3
CVE-2025-6903
HIGH
Car Rental System 1.0 - SQL Injection via /admin/approve.php ID Parameter
CVSS 7.3
CVE-2025-6902
HIGH
code-projects Inventory Management System 1.0 - SQL Injection via edituserName Parameter
CVSS 7.3
CVE-2025-6901
HIGH
code-projects Inventory Management System 1.0 - SQL Injection via UserID Parameter in removeUser.php
CVSS 7.3
CVE-2025-40731
CRITICAL
Daily Expense Manager 1.0 - SQL Injection via pname, pprice, and id Parameters
CVSS 9.8
Details
Vulnerabilities: 19,612
Exploit Likelihood: High