CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,618 vulnerabilities with CWE-89
CVE-2025-5575 HIGH
PHPGurukul Dairy Farm Shop Management System 1.3 - SQL Injection
CVSS 7.3
CVE-2025-5574 HIGH
PHPGurukul Dairy Farm Shop Management System 1.3 - SQL Injection
CVSS 7.3
CVE-2025-5569 MEDIUM
ideacms < 1.7 - SQL Injection via Article/Goods Field Parameter
CVSS 6.3
CVE-2025-4578 CRITICAL
File Provider WordPress Plugin < 1.2.3 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2025-5566 MEDIUM
PHPGurukul Notice Board System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-5562 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5561 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5560 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5558 MEDIUM
PHPGurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-5557 MEDIUM
PHPGurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-5556 MEDIUM
PHPGurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-5554 MEDIUM
PHPGurukul Rail Pass Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-5553 HIGH
PHPGurukul Rail Pass Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5546 MEDIUM
PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection
CVSS 6.3
CVE-2025-48998 HIGH
DataEase < 2.10.6 - Authenticated Arbitrary File Read and Deserialization via JDBC Connection
CVSS 8.8
CVE-2025-43923 MEDIUM
Unicom Focal Point 7.6.1 - Authenticated SQL Injection via Report Image Delete Parameter
CVSS 6.5
CVE-2025-46154 HIGH
Foxcms v1.25 - SQL Injection via installdb.php dbname Parameter
CVSS 8.4
CVE-2025-5493 MEDIUM
Baison Channel Middleware Product 2.0.1 - SQL Injection
CVSS 6.3
CVE-2025-5103 MEDIUM
Ultimate Gift Cards for WooCommerce <= 3.1.4 - Authenticated SQL Injection via default_price and product_id Parameters
CVSS 4.9
CVE-2025-45542 HIGH
CloudClassroom-PHP-Project v1.0 - SQL Injection via Registration Form Pass Parameter
CVSS 7.3
CVE-2025-1750 CRITICAL
run-llama/llama_index <v0.12.19 - SQL Injection
CVSS 9.8
CVE-2025-5435 HIGH
Marwal Infotech CMS 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5434 HIGH
Aem Solutions CMS <1.0 - SQL Injection
CVSS 7.3
CVE-2025-5433 MEDIUM
Feng Office 3.5.1.5 - SQL Injection
CVSS 6.3
CVE-2025-5432 MEDIUM
AssamLook CMS 1.0 - SQL Injection via /view_tender.php ID Parameter
CVSS 6.3