CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,620 vulnerabilities with CWE-89
CVE-2025-4806
MEDIUM
SourceCodester/oretnom23 Stock Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-4795
MEDIUM
schoolcms 2.3.1 - SQL Injection via SaveInfo Function ID Parameter
CVSS 4.7
CVE-2025-4794
HIGH
PHPGurukul Online Course Registration 3.1 - SQL Injection via News Title Parameter
CVSS 7.3
CVE-2025-4793
HIGH
PHPGurukul Online Course Registration 3.1 - SQL Injection via cgpa Parameter
CVSS 7.3
CVE-2025-4787
MEDIUM
SourceCodester Stock Management System 1.0 - SQL Injection via Sales View ID Parameter
CVSS 6.3
CVE-2025-4786
MEDIUM
oretnom23 Stock Management System 1.0 - SQL Injection via /admin/?page=return/view_return ID Parameter
CVSS 6.3
CVE-2025-48137
HIGH
proxymis Interview <= 1.01 - SQL Injection
CVSS 8.5
CVE-2025-47567
HIGH
LambertGroup Video Player & FullScreen Video Background <2.4.1 - SQ...
CVSS 7.6
CVE-2025-39481
CRITICAL
imithemes Eventer < 3.11.4 - Blind SQL Injection
CVSS 9.3
CVE-2025-32643
CRITICAL
Mojoomla WPGYM <65.0 - SQL Injection
CVSS 9.3
CVE-2025-32307
HIGH
LambertGroup Chameleon HTML5 Audio Player - SQL Injection
CVSS 8.5
CVE-2025-32306
HIGH
LambertGroup Radio Player Shoutcast & Icecast WP <4.4.6 - SQL Injec...
CVSS 8.5
CVE-2025-32301
HIGH
CountDown Pro WP Plugin <2.7 - SQL Injection
CVSS 8.5
CVE-2025-32290
HIGH
LambertGroup Sticky HTML5 Music Player <3.1.6 - SQL Injection
CVSS 8.5
CVE-2025-32287
HIGH
LambertGroup Responsive HTML5 Audio Player PRO With Playlist <3.5.7...
CVSS 8.5
CVE-2025-31928
HIGH
LambertGroup Multimedia Responsive Carousel - SQL Injection
CVSS 8.5
CVE-2025-31926
HIGH
LambertGroup Sticky Radio Player <3.4 - SQL Injection
CVSS 8.5
CVE-2025-31641
HIGH
LambertGroup UberSlider <2.3 - SQL Injection
CVSS 8.5
CVE-2025-31640
HIGH
LambertGroup Magic Responsive Slider and Carousel <1.4 - SQL Injection
CVSS 8.5
CVE-2025-31637
HIGH
LambertGroup SHOUT <3.5.3 - SQL Injection
CVSS 8.5
CVE-2025-4785
HIGH
PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection via User Profile Fullname/Contactnumber
CVSS 7.3
CVE-2025-4782
MEDIUM
SourceCodester oretnom23 Stock Management System 1.0 - SQL Injection via ID Parameter
CVSS 6.3
CVE-2025-4781
MEDIUM
Park Ticketing Management System 2.0 - SQL Injection via Forgot Password Email/Contact Parameter
CVSS 6.3
CVE-2025-4780
MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via searchdata Parameter in foreigner-search.php
CVSS 6.3
CVE-2025-4778
MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via searchdata Parameter
CVSS 6.3
Details
Vulnerabilities: 19,620
Exploit Likelihood: High