CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,613 vulnerabilities with CWE-89
CVE-2025-5755 HIGH
Open Source Clinic Management System 1.0 - SQL Injection via email Parameter in email_config.php
CVSS 7.3
CVE-2025-5729 MEDIUM
Health Center Patient Record Management System 1.0 - SQL Injection via birthing_record.php itr_no Parameter
CVSS 6.3
CVE-2025-5563 MEDIUM
WP-Addpub <= 1.2.8 - Authenticated SQL Injection via 'wp-addpub' Shortcode
CVSS 6.5
CVE-2025-4964 MEDIUM
WP Online Users Stats <= 1.0.0 - Authenticated Time-Based SQL Injection via table_name Parameter
CVSS 4.9
CVE-2025-5716 HIGH
Open Source Clinic Management System 1.0 - SQL Injection via Email Parameter in Login
CVSS 7.3
CVE-2025-5712 HIGH
Open Source Clinic Management System 1.0 - SQL Injection via Patient Parameter in Appointment.php
CVSS 7.3
CVE-2025-5711 HIGH
Real Estate Property Management System 1.0 - SQL Injection via cmbState Parameter
CVSS 7.3
CVE-2025-5710 HIGH
Real Estate Property Management System 1.0 - SQL Injection via txtStateName Parameter
CVSS 7.3
CVE-2025-5709 HIGH
Real Estate Property Management System 1.0 - SQL Injection via txtCategoryName Parameter
CVSS 7.3
CVE-2025-5708 HIGH
Real Estate Property Management System 1.0 - SQL Injection via NewsReport txtFrom Parameter
CVSS 7.3
CVE-2025-5707 HIGH
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via testtype Parameter
CVSS 7.3
CVE-2025-5706 HIGH
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via state Parameter
CVSS 7.3
CVE-2025-5705 HIGH
Real Estate Property Management System 1.0 - SQL Injection via cmbCat Parameter
CVSS 7.3
CVE-2025-5704 HIGH
Real Estate Property Management System 1.0 - SQL Injection via txtUserName Parameter
CVSS 7.3
CVE-2025-5698 MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via nodename Parameter in logSelect.htm
CVSS 6.3
CVE-2025-5697 MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via custTradeId Parameter
CVSS 6.3
CVE-2025-5696 MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via clientname Parameter
CVSS 6.3
CVE-2025-5694 MEDIUM
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQL Injection via Search Report Result Parameter
CVSS 6.3
CVE-2025-5693 MEDIUM
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 6.3
CVE-2025-5677 HIGH
Campcodes Online Recruitment Management System 1.0 - SQL Injection via position_id Parameter
CVSS 7.3
CVE-2025-5676 HIGH
Campcodes Online Recruitment Management System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2025-5675 HIGH
Campcodes Online Teacher Record Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-5674 MEDIUM
Patient Record Management System 1.0 - SQL Injection via urinalysis_id Parameter
CVSS 6.3
CVE-2025-5670 MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection via ID Parameter in manage-card.php
CVSS 6.3
CVE-2025-5669 MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection via ID Parameter in /admin/unreadenq.php
CVSS 6.3