Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,620 vulnerabilities with CWE-89

CVE-2025-5214 HIGH

Kashipara Responsive Online Learning Platform 1.0 - SQL Injection via ID Parameter

CVE-2025-5213 HIGH

Responsive E-Learning System 1.0 - SQL Injection via /admin/delete_file.php ID Parameter

CVE-2025-5212 HIGH

PHPGurukul Employee Record Management System 1.3 - SQL Injection via emp1name Parameter

CVE-2025-5211 HIGH

PHPGurukul Employee Record Management System 1.3 - SQL Injection via EmpCode Parameter

CVE-2025-5210 HIGH

PHPGurukul Employee Record Management System 1.3 - SQL Injection via Email Parameter in loginerms.php

CVE-2025-5208 HIGH

Online Hospital Management System 1.0 - SQL Injection via Email Parameter in check_availability.php

CVE-2025-5207 MEDIUM

Client Database Management System 1.0 - SQL Injection via /superadmin_update_profile.php Nickname/Email Parameter

CVE-2025-5206 MEDIUM

Pixelimity 1.0 - SQL Injection via /install/index.php site_description Parameter

CVE-2025-5205 HIGH

1000 Projects Daily College Class Work Report Book 1.0 - SQL Injection via Date Parameter in /dcwr_entry.php

CVE-2025-40666 CRITICAL

TCMAN GIM v11 - Time-Based Blind SQL Injection via ArbolID Parameter

CVE-2025-40665 CRITICAL

TCMAN GIM v11 - Time-Based Blind SQL Injection via ArbolID Parameter

CVE-2025-5176 HIGH

Realce Tecnologia Queue Ticket Kiosk < 2025-05-17 - SQL Injection via Admin Login Page Usurio Parameter

CVE-2025-5172 HIGH

econtrata < 2025-05-16 - SQL Injection via /valida usuario Parameter

CVE-2025-5170 MEDIUM

llisoft MTA Maita Training System 4.5 - SQL Injection via AdminShitiListRequestVo stTypeIds Parameter

CVE-2025-5155 MEDIUM

FoxCMS 1.2.5 - SQL Injection via batchCope Function

CVE-2025-5152 MEDIUM

Chanjet CRM < 20250510 - SQL Injection via gblOrgID Parameter

CVE-2025-5128 HIGH

ScriptAndTools Real-Estate-website-in-PHP 1.0 - SQL Injection via Admin Login Panel Password Argument

CVE-2025-5119 HIGH

Emlog Pro 2.5.11 - SQL Injection via Tag Parameter in API Controller

CVE-2025-48735 MEDIUM

BOS IPCs <21.45.8.2.3 - SQL Injection

CVE-2025-5107 MEDIUM

Fujian Kelixun 1.0 - SQL Injection via uuid Parameter in xml_cdr_details.php

CVE-2025-48283 CRITICAL

Majestic Support <1.1.0 - SQL Injection

CVE-2025-47671 HIGH

LETSCMS MLM Software <3.0 - SQL Injection

CVE-2025-47640 CRITICAL

Printcart Web to Print Product Designer for WooCommerce <2.3.8 - SQ...

CVE-2025-47599 CRITICAL

Facturante <= 1.11 - SQL Injection

CVE-2025-47575 HIGH

Mojoomla School Mgmt <92.0.0 - SQL Injection

Previous Page 165 of 785 Next

Details

Vulnerabilities 19,620

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy