CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,618 vulnerabilities with CWE-89
CVE-2025-5431 MEDIUM
AssamLook CMS 1.0 - SQL Injection via Department Profile ID Parameter
CVSS 6.3
CVE-2025-3951 MEDIUM
WP-Optimize < 4.2.0 - Authenticated SQL Injection via Image Compression Status Check
CVSS 4.1
CVE-2025-5430 MEDIUM
AssamLook CMS 1.0 - SQL Injection via /product.php ID Parameter
CVSS 6.3
CVE-2025-5403 MEDIUM
chaitak-gorai Blogbook - SQL Injection via post_id Parameter
CVSS 6.3
CVE-2025-5402 HIGH
chaitak-gorai Blogbook < 2021-11-22 - SQL Injection via edit_post_id Parameter
CVSS 7.3
CVE-2025-5401 HIGH
chaitak-gorai Blogbook < 2021-11-22 - SQL Injection via p_id Parameter
CVSS 7.3
CVE-2025-5400 HIGH
chaitak-gorai/blogbook < 2021-11-22 - SQL Injection via u_id Parameter
CVSS 7.3
CVE-2025-5388 MEDIUM
JeeWMS < 2025-05-04 - SQL Injection via /generateController.do?dogenerate
CVSS 6.3
CVE-2025-5386 MEDIUM
JeeWMS < 2025-05-04 - SQL Injection via transEditor Function
CVSS 6.3
CVE-2025-5384 MEDIUM
JeeWMS < 2025-05-04 - SQL Injection via CgAutoListController
CVSS 6.3
CVE-2025-5376 HIGH
Health Center Patient Record Management System 1.0 - SQL Injection via patient.php itr_no Parameter
CVSS 7.3
CVE-2025-5375 MEDIUM
PHPGurukul Online Birth Certificate System 2.0 - SQL Injection via /admin/registered-users.php del Parameter
CVSS 6.3
CVE-2025-5374 MEDIUM
PHPGurukul Online Birth Certificate System 2.0 - SQL Injection via del Parameter in all-applications.php
CVSS 6.3
CVE-2025-5373 MEDIUM
PHPGurukul Online Birth Certificate System 2.0 - SQL Injection via userid Parameter
CVSS 6.3
CVE-2025-5371 HIGH
Health Center Patient Record Management System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-5370 HIGH
PHPGurukul News Portal 4.1 - SQL Injection via Username Parameter in Forgot Password
CVSS 7.3
CVE-2025-5369 HIGH
SourceCodester PHP Display Username After Login 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-5368 MEDIUM
Daily Expense Tracker System 1.1 - SQL Injection via todate Parameter
CVSS 6.3
CVE-2025-5367 HIGH
PHPGurukul Online Shopping Portal Project 1.0 - SQL Injection via Product Argument
CVSS 7.3
CVE-2025-5365 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-5364 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via patname Parameter
CVSS 7.3
CVE-2025-5363 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via Username Parameter in /doctor/index.php
CVSS 7.3
CVE-2025-5362 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via doctorspecilization Parameter
CVSS 7.3
CVE-2025-5361 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via Contact Form Fullname Parameter
CVSS 7.3
CVE-2025-5360 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via Doctor Parameter in Book Appointment
CVSS 7.3