CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,621 vulnerabilities with CWE-89
CVE-2025-4778
MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2025-4777
MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-4773
HIGH
PHPGurukul Online Course Registration 3.1 - SQL Injection via /admin/level.php level Parameter
CVSS 7.3
CVE-2025-4772
HIGH
PHPGurukul Online Course Registration 3.1 - SQL Injection via Department Parameter
CVSS 7.3
CVE-2025-4771
HIGH
PHPGurukul Online Course Registration 3.1 - SQL Injection via coursecode Parameter
CVSS 7.3
CVE-2025-4770
MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-4766
HIGH
PHPGurukul Zoo Management System 2.1 - SQL Injection via Profile Contact Number Parameter
CVSS 7.3
CVE-2025-4765
HIGH
PHPGurukul Zoo Management System 2.1 - SQL Injection via mobnum Parameter in Contactus
CVSS 7.3
CVE-2025-4761
HIGH
PHPGurukul Complaint Management System 2.0 - SQL Injection via Mobile Number Parameter
CVSS 7.3
CVE-2025-4758
HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Contact Form fname Parameter
CVSS 7.3
CVE-2025-4757
HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2025-4746
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via pr_id Parameter in purchase_delete.php
CVSS 7.3
CVE-2025-4743
MEDIUM
Employee Record System 1.0 - SQL Injection via /dashboard/getData.php keywords Parameter
CVSS 6.3
CVE-2025-4741
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Purchase Add Page ID Parameter
CVSS 7.3
CVE-2025-4739
HIGH
projectworlds Hospital Database Management System 1.0 - SQL Injection via Med_ID Parameter
CVSS 7.3
CVE-2025-4736
HIGH
PHPGurukul Daily Expense Tracker 1.1 - SQL Injection via Email Parameter in Register Endpoint
CVSS 7.3
CVE-2025-4734
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via /pages/ci_update.php id/name Parameter
CVSS 7.3
CVE-2025-4728
HIGH
Best Online News Portal 1.0 - SQL Injection via searchtitle Parameter
CVSS 7.3
CVE-2025-4726
HIGH
Placement Management System 1.0 - SQL Injection via ID Parameter in view_student.php
CVSS 7.3
CVE-2025-4725
HIGH
Placement Management System 1.0 - SQL Injection via ID Parameter in view_drive.php
CVSS 7.3
CVE-2025-4724
HIGH
Placement Management System 1.0 - SQL Injection via /student_profile.php ID Parameter
CVSS 7.3
CVE-2025-4723
HIGH
Placement Management System 1.0 - SQL Injection via all_student.php Delete Parameter
CVSS 7.3
CVE-2025-4722
HIGH
Placement Management System 1.0 - SQL Injection via Name Parameter in edit_profile.php
CVSS 7.3
CVE-2025-4721
HIGH
Placement Management System 1.0 - SQL Injection via ID Parameter in drive.php
CVSS 7.3
CVE-2025-4719
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via cid Parameter in Cash Transaction Page
CVSS 7.3
Details
Vulnerabilities: 19,621
Exploit Likelihood: High