CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,618 vulnerabilities with CWE-89
CVE-2025-5676
HIGH
Campcodes Online Recruitment Management System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2025-5675
HIGH
Campcodes Online Teacher Record Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-5674
MEDIUM
Patient Record Management System 1.0 - SQL Injection via urinalysis_id Parameter
CVSS 6.3
CVE-2025-5670
MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection via ID Parameter in manage-card.php
CVSS 6.3
CVE-2025-5669
MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection via ID Parameter in /admin/unreadenq.php
CVSS 6.3
CVE-2025-5668
MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection via /admin/readenq.php ID Parameter
CVSS 6.3
CVE-2025-5663
HIGH
PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-27753
MEDIUM
RSMediaGallery 1.7.4-2.1.6 - SQL Injection
CVSS 6.5
CVE-2025-5660
MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection via noc Parameter
CVSS 6.3
CVE-2025-5659
MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection via Profile Pincode Parameter
CVSS 6.3
CVE-2025-5658
MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection via Status Parameter in updatecomplaint.php
CVSS 6.3
CVE-2025-5657
MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection via uid Parameter in manage-users.php
CVSS 6.3
CVE-2025-5656
MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection via Edit Category Description Parameter
CVSS 6.3
CVE-2025-5655
MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection via /admin/edit-subcategory.php Subcategory Parameter
CVSS 6.3
CVE-2025-5654
MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection via /admin/edit-state.php Description Parameter
CVSS 6.3
CVE-2025-5653
MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection via fromdate/todate Parameters
CVSS 6.3
CVE-2025-5652
MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection via fromdate/todate Parameters
CVSS 6.3
CVE-2025-5650
HIGH
1000projects Online Notice Board 1.0 - SQL Injection via fname Parameter
CVSS 7.3
CVE-2025-4568
CRITICAL
2ClickPortal < 7.14.3 - Unauthenticated Boolean-Based Blind SQL Injection via changes__reference_id Parameter
CVE-2025-5639
HIGH
PHPGurukul Notice Board System 1.0 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2025-5638
MEDIUM
PHPGurukul Notice Board System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 6.3
CVE-2025-1793
CRITICAL
run-llama/llama_index <v0.12.21 - SQL Injection
CVSS 9.8
CVE-2025-5633
MEDIUM
News-Buzz 1.0 - SQL Injection via /admin/users.php Delete Parameter
CVSS 6.3
CVE-2025-5632
MEDIUM
News-Buzz 1.0 - SQL Injection via /admin/users.php change_to_admin Parameter
CVSS 6.3
CVE-2025-5631
HIGH
News-Buzz 1.0 - SQL Injection via PublicPosts Post Parameter
CVSS 7.3
Details
Vulnerabilities
19,618
Exploit Likelihood
High