CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,621 vulnerabilities with CWE-89
CVE-2025-4778 MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2025-4777 MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-4773 HIGH
PHPGurukul Online Course Registration 3.1 - SQL Injection via /admin/level.php level Parameter
CVSS 7.3
CVE-2025-4772 HIGH
PHPGurukul Online Course Registration 3.1 - SQL Injection via Department Parameter
CVSS 7.3
CVE-2025-4771 HIGH
PHPGurukul Online Course Registration 3.1 - SQL Injection via coursecode Parameter
CVSS 7.3
CVE-2025-4770 MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-4766 HIGH
PHPGurukul Zoo Management System 2.1 - SQL Injection via Profile Contact Number Parameter
CVSS 7.3
CVE-2025-4765 HIGH
PHPGurukul Zoo Management System 2.1 - SQL Injection via mobnum Parameter in Contactus
CVSS 7.3
CVE-2025-4761 HIGH
PHPGurukul Complaint Management System 2.0 - SQL Injection via Mobile Number Parameter
CVSS 7.3
CVE-2025-4758 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Contact Form fname Parameter
CVSS 7.3
CVE-2025-4757 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2025-4746 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via pr_id Parameter in purchase_delete.php
CVSS 7.3
CVE-2025-4743 MEDIUM
Employee Record System 1.0 - SQL Injection via /dashboard/getData.php keywords Parameter
CVSS 6.3
CVE-2025-4741 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Purchase Add Page ID Parameter
CVSS 7.3
CVE-2025-4739 HIGH
projectworlds Hospital Database Management System 1.0 - SQL Injection via Med_ID Parameter
CVSS 7.3
CVE-2025-4736 HIGH
PHPGurukul Daily Expense Tracker 1.1 - SQL Injection via Email Parameter in Register Endpoint
CVSS 7.3
CVE-2025-4734 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via /pages/ci_update.php id/name Parameter
CVSS 7.3
CVE-2025-4728 HIGH
Best Online News Portal 1.0 - SQL Injection via searchtitle Parameter
CVSS 7.3
CVE-2025-4726 HIGH
Placement Management System 1.0 - SQL Injection via ID Parameter in view_student.php
CVSS 7.3
CVE-2025-4725 HIGH
Placement Management System 1.0 - SQL Injection via ID Parameter in view_drive.php
CVSS 7.3
CVE-2025-4724 HIGH
Placement Management System 1.0 - SQL Injection via /student_profile.php ID Parameter
CVSS 7.3
CVE-2025-4723 HIGH
Placement Management System 1.0 - SQL Injection via all_student.php Delete Parameter
CVSS 7.3
CVE-2025-4722 HIGH
Placement Management System 1.0 - SQL Injection via Name Parameter in edit_profile.php
CVSS 7.3
CVE-2025-4721 HIGH
Placement Management System 1.0 - SQL Injection via ID Parameter in drive.php
CVSS 7.3
CVE-2025-4719 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via cid Parameter in Cash Transaction Page
CVSS 7.3