CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,620 vulnerabilities with CWE-89
CVE-2025-4935 | HIGH | CVSS 7.3 | SourceCodester Stock Management System 1.0 - SQL Injection via changePassword.php user_id Parameter
CVE-2025-4934 | HIGH | CVSS 7.3 | PHPGurukul User Registration & Login and User Management System 3.3 - SQL Injection via Contact Parameter
CVE-2025-4933 | MEDIUM | CVSS 6.3 | ponaravindb Hospital-Management-System 1.0 - SQL Injection via /doctor-panel.php ID Parameter
CVE-2025-4932 | HIGH | CVSS 7.3 | Online Lawyer Management System 1.0 - SQL Injection via Email Parameter in Lawyer Registration
CVE-2025-4931 | HIGH | CVSS 7.3 | Online Lawyer Management System 1.0 - SQL Injection via Email Parameter in User Registration
CVE-2025-4930 | HIGH | CVSS 7.3 | Campcodes Online Shopping Portal 1.0 - SQL Injection via billingaddress Parameter
CVE-2025-4929 | HIGH | CVSS 7.3 | Campcodes Online Shopping Portal 1.0 - SQL Injection via Name Parameter in /my-account.php
CVE-2025-4928 | HIGH | CVSS 7.3 | Online Lawyer Management System 1.0 - SQL Injection via save_lawyer_edit_profile.php
CVE-2025-4927 | HIGH | CVSS 7.3 | PHPGurukul Online Marriage Registration System 1.0 - SQL Injection via fromdate/todate Parameters
CVE-2025-4925 | HIGH | CVSS 7.3 | PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection via fromdate/todate Parameters
CVE-2025-4924 | HIGH | CVSS 7.3 | SourceCodester Client Database Management System 1.0 - SQL Injection via order_id Parameter
CVE-2025-4917 | HIGH | CVSS 7.3 | PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via drivername Parameter
CVE-2025-4916 | HIGH | CVSS 7.3 | PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via Admin Profile Mobile Number Parameter
CVE-2025-4915 | HIGH | CVSS 7.3 | PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via Price Parameter
CVE-2025-4914 | HIGH | CVSS 7.3 | PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via Forgot Password Email Parameter
CVE-2025-4913 | HIGH | CVSS 7.3 | PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via Username Parameter
CVE-2025-4911 | HIGH | CVSS 7.3 | PHPGurukul Zoo Management System 2.1 - SQL Injection via viewid Parameter
CVE-2025-4910 | HIGH | CVSS 7.3 | PHPGurukul Zoo Management System 2.1 - SQL Injection via aname Parameter
CVE-2025-4908 | HIGH | CVSS 7.3 | PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection via fromdate/todate Parameters
CVE-2025-4907 | HIGH | CVSS 7.3 | PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection via Forgot Password Email Parameter
CVE-2025-4906 | HIGH | CVSS 7.3 | PHPGurukul Notice Board System 1.0 - SQL Injection via Username Parameter in Login
CVE-2025-4900 | HIGH | CVSS 7.3 | Campcodes Sales and Inventory System 1.0 - SQL Injection via Payment Page cid Parameter
CVE-2025-4899 | HIGH | CVSS 7.3 | Campcodes Sales and Inventory System 1.0 - SQL Injection via Transaction Update ID Parameter
CVE-2025-4895 | HIGH | CVSS 7.3 | SourceCodester Doctors Appointment System 1.0 - SQL Injection via ID Parameter in Delete Session
CVE-2025-4886 | HIGH | CVSS 7.3 | Sales and Inventory System 1.0 - SQL Injection via serial Parameter in product_update.php