CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,612 vulnerabilities with CWE-89
CVE-2025-6413 MEDIUM
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-6412 MEDIUM
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-6411 MEDIUM
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via /admin/changepropic.php imageid Parameter
CVSS 6.3
CVE-2025-6410 MEDIUM
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-6409 HIGH
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2025-6408 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-6407 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via Username Parameter in /user-login.php
CVSS 7.3
CVE-2025-6406 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via Forgot Password Fullname Parameter
CVSS 7.3
CVE-2025-6405 HIGH
Campcodes Online Teacher Record Management System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-6404 HIGH
Campcodes Online Teacher Record Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-6403 HIGH
School Fees Payment System 1.0 - SQL Injection via /student.php ID Parameter
CVSS 7.3
CVE-2025-6394 HIGH
Simple Online Hotel Reservation System 1.0 - SQL Injection via firstname Parameter
CVSS 7.3
CVE-2025-6364 HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via Username Parameter in /adduser-exec.php
CVSS 7.3
CVE-2025-6363 HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via ingname Parameter
CVSS 7.3
CVE-2025-6362 HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via /editpro.php ID Parameter
CVSS 7.3
CVE-2025-6361 HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via userid Parameter in adds.php
CVSS 7.3
CVE-2025-6360 HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via /portal.php ID Parameter
CVSS 7.3
CVE-2025-6359 HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via transactioncode Parameter
CVSS 7.3
CVE-2025-6358 HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via ID Parameter in saveorder.php
CVSS 7.3
CVE-2025-6357 HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via Payment Portal Person Parameter
CVSS 7.3
CVE-2025-6356 HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via /addmem.php
CVSS 7.3
CVE-2025-6355 HIGH
Online Hotel Reservation System 1.0 - SQL Injection via userid Parameter in execeditroom.php
CVSS 7.3
CVE-2025-6354 HIGH
code-projects Online Shoe Store 1.0 - SQL Injection via Email Parameter in Customer Signup
CVSS 7.3
CVE-2025-6351 MEDIUM
Employee Record Management System 1.0 - SQL Injection via emp1name Parameter
CVSS 6.3
CVE-2025-6346 MEDIUM
Advance Charity Management System 1.0 - SQL Injection via m06 Parameter in fundDetails.php
CVSS 6.3