Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,612 vulnerabilities with CWE-89

CVE-2025-6604 MEDIUM

Best Salon Management System 1.0 - SQL Injection via Name Parameter in add-staff.php

CVE-2025-0966 HIGH

IBM InfoSphere Information Server 11.7 - SQL Injection

CVE-2025-6583 MEDIUM

SourceCodester Best Salon Management System 1.0 - SQL Injection

CVE-2025-6582 MEDIUM

SourceCodester Best Salon Management System 1.0 - SQL Injection

CVE-2025-6581 MEDIUM

SourceCodester Best Salon Management System 1.0 - SQL Injection

CVE-2025-6580 HIGH

SourceCodester Best Salon Management System 1.0 - SQL Injection

CVE-2025-6579 HIGH

code-projects Car Rental System 1.0 - SQL Injection

CVE-2025-6578 HIGH

Simple Online Hotel Reservation System 1.0 - SQL Injection

CVE-2025-49853 CRITICAL

ControlID iDSecure < 4.7.50.0 - SQL Injection

CVE-2025-6570 MEDIUM

PHPGurukul Hospital Management System 4.0 - SQL Injection

CVE-2025-6567 HIGH

Campcodes Online Recruitment Management System 1.0 - SQL Injection

CVE-2025-34038 HIGH

Weaver e-cology 8.0 - SQL Injection

CVE-2025-6535 MEDIUM

xxyopen/201206030 novel-plus <5.1.3 - SQL Injection

CVE-2025-46101 CRITICAL

Beakon Learning Management System SCORM < 5.4.3 - SQL Injection via ks Parameter

CVE-2025-6503 HIGH

Code-projects Inventory Management System 1.0 - SQL Injection

CVE-2025-6502 HIGH

Code-projects Inventory Management System 1.0 - SQL Injection

CVE-2025-6501 HIGH

Code-projects Inventory Management System 1.0 - SQL Injection

CVE-2025-6500 HIGH

Code-projects Inventory Management System 1.0 - SQL Injection

CVE-2025-6489 HIGH

Agri-Trading Online Shopping System 1.0 - SQL Injection via del Parameter in transactionsave.php

CVE-2025-6484 MEDIUM

Online Shopping Store 1.0 - SQL Injection via cat_id/brand_id/keyword/proId/pid Parameter

CVE-2025-6483 HIGH

Simple Pizza Ordering System 1.0 - SQL Injection via /edituser.php ID Parameter

CVE-2025-6482 HIGH

Simple Pizza Ordering System 1.0 - SQL Injection via edituser-exec.php userid Parameter

CVE-2025-6481 HIGH

Simple Pizza Ordering System 1.0 - SQL Injection via /update.php ID Parameter

CVE-2025-6480 HIGH

Simple Pizza Ordering System 1.0 - SQL Injection via /addcatexec.php textfield Parameter

CVE-2025-6479 HIGH

Simple Pizza Ordering System 1.0 - SQL Injection via salesreport.php dayfrom Parameter

Previous Page 150 of 785 Next

Details

Vulnerabilities 19,612

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy