CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,620 vulnerabilities with CWE-89
CVE ID           Severity  CVSS  Title
CVE-2025-4806    MEDIUM    6.3   SourceCodester/oretnom23 Stock Management System 1.0 - SQL Injection
CVE-2025-4795    MEDIUM    4.7   schoolcms 2.3.1 - SQL Injection via SaveInfo Function ID Parameter
CVE-2025-4794    HIGH      7.3   PHPGurukul Online Course Registration 3.1 - SQL Injection via News Title Parameter
CVE-2025-4793    HIGH      7.3   PHPGurukul Online Course Registration 3.1 - SQL Injection via cgpa Parameter
CVE-2025-4787    MEDIUM    6.3   SourceCodester Stock Management System 1.0 - SQL Injection via Sales View ID Parameter
CVE-2025-4786    MEDIUM    6.3   oretnom23 Stock Management System 1.0 - SQL Injection via /admin/?page=return/view_return ID Parameter
CVE-2025-48137   HIGH      8.5   proxymis Interview <= 1.01 - SQL Injection
CVE-2025-47567   HIGH      7.6   LambertGroup Video Player & FullScreen Video Background <2.4.1 - SQ...
CVE-2025-39481   CRITICAL  9.3   imithemes Eventer < 3.11.4 - Blind SQL Injection
CVE-2025-32643   CRITICAL  9.3   Mojoomla WPGYM <65.0 - SQL Injection
CVE-2025-32307   HIGH      8.5   LambertGroup Chameleon HTML5 Audio Player - SQL Injection
CVE-2025-32306   HIGH      8.5   LambertGroup Radio Player Shoutcast & Icecast WP <4.4.6 - SQL Injec...
CVE-2025-32301   HIGH      8.5   CountDown Pro WP Plugin <2.7 - SQL Injection
CVE-2025-32290   HIGH      8.5   LambertGroup Sticky HTML5 Music Player <3.1.6 - SQL Injection
CVE-2025-32287   HIGH      8.5   LambertGroup Responsive HTML5 Audio Player PRO With Playlist <3.5.7...
CVE-2025-31928   HIGH      8.5   LambertGroup Multimedia Responsive Carousel - SQL Injection
CVE-2025-31926   HIGH      8.5   LambertGroup Sticky Radio Player <3.4 - SQL Injection
CVE-2025-31641   HIGH      8.5   LambertGroup UberSlider <2.3 - SQL Injection
CVE-2025-31640   HIGH      8.5   LambertGroup Magic Responsive Slider and Carousel <1.4 - SQL Injection
CVE-2025-31637   HIGH      8.5   LambertGroup SHOUT <3.5.3 - SQL Injection
CVE-2025-4785    HIGH      7.3   PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection via User Profile Fullname/Contactnumber
CVE-2025-4782    MEDIUM    6.3   SourceCodester oretnom23 Stock Management System 1.0 - SQL Injection via ID Parameter
CVE-2025-4781    MEDIUM    6.3   Park Ticketing Management System 2.0 - SQL Injection via Forgot Password Email/Contact Parameter
CVE-2025-4780    MEDIUM    6.3   PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via searchdata Parameter in foreigner-search.php
CVE-2025-4778    MEDIUM    6.3   PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via searchdata Parameter