CWE-89

High exploit likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,620 vulnerabilities with CWE-89
CVE-2025-4885 HIGH
Sales and Inventory System 1.0 - SQL Injection via Product Add Serial Parameter
CVSS 7.3
CVE-2025-4884 HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/assign_save.php Team Argument
CVSS 7.3
CVE-2025-4882 HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/team_update.php team Parameter
CVSS 7.3
CVE-2025-4881 HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/user_save.php Username Parameter
CVSS 7.3
CVE-2025-4880 HIGH
PHPGurukul News Portal 4.1 - SQL Injection via pagetitle Parameter in /admin/aboutus.php
CVSS 7.3
CVE-2025-4875 HIGH
Campcodes Online Shopping Portal 1.0 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2025-4874 HIGH
PHPGurukul News Portal Project 4.1 - SQL Injection via Contactus Page Title Parameter
CVSS 7.3
CVE-2025-4873 HIGH
PHPGurukul News Portal 4.1 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2025-4870 HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/menu_save.php Menu Parameter
CVSS 7.3
CVE-2025-4869 HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via menu Parameter in member_update.php
CVSS 7.3
CVE-2025-4865 HIGH
Restaurant Management System 1.0 - SQL Injection via last Parameter
CVSS 7.3
CVE-2025-4864 HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/finished.php ID Parameter
CVSS 7.3
CVE-2025-4863 MEDIUM
Advaya Softech GEMS ERP Portal 2.1 - SQL Injection via userId Parameter
CVSS 6.3
CVE-2025-4861 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Admin Profile Contact Number Parameter
CVSS 7.3
CVE-2025-4837 HIGH
projectworlds Student Project Allocation System 1.0 - SQL Injection via mem1/mem2/mem3 Parameters
CVSS 7.3
CVE-2025-4836 HIGH
Projectworlds Life Insurance Management System 1.0 - SQL Injection via /deleteAgent.php agent_id Parameter
CVSS 7.3
CVE-2025-4818 HIGH
SourceCodester Doctor's Appointment System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4817 HIGH
SourceCodester Doctor's Appointment System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4816 HIGH
SourceCodester Doctor's Appointment System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4815 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4814 HIGH
Campcodes Sales & Inventory System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4813 HIGH
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQ...
CVSS 7.3
CVE-2025-4812 HIGH
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQ...
CVSS 7.3
CVE-2025-4811 HIGH
CodeAstro Pharmacy Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4808 MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities 19,620
Exploit Likelihood High