CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,621 vulnerabilities with CWE-89
CVE-2025-4718 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via customer_add.php last Parameter
CVSS 7.3
CVE-2025-4717 HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection via fullname Parameter
CVSS 7.3
CVE-2025-4716 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via prod_name Parameter
CVSS 7.3
CVE-2025-4715 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via cid Parameter in view_application.php
CVSS 7.3
CVE-2025-47785 HIGH
emlog <= 2.5.9 - Authenticated SQL Injection via $origContent Parameter
CVSS 8.3
CVE-2025-2248 MEDIUM
WP-PManager < 1.2 - Authenticated SQL Injection
CVSS 5.4
CVE-2025-2203 MEDIUM
FunnelKit Funnel Builder < 3.10.2 - Authenticated SQL Injection
CVSS 6.1
CVE-2025-4714 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Reprint Page sid Parameter
CVSS 7.3
CVE-2025-4713 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Print Page SID Parameter
CVSS 7.3
CVE-2025-4712 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via cid Parameter in Account Summary Page
CVSS 7.3
CVE-2025-4711 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via prod_name Parameter
CVSS 7.3
CVE-2025-4710 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Transaction Page CID Parameter
CVSS 7.3
CVE-2025-4709 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via /pages/transaction_del.php ID Parameter
CVSS 7.3
CVE-2025-4708 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via discount Parameter in sales_add.php
CVSS 7.3
CVE-2025-4707 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via prod_name Parameter
CVSS 7.3
CVE-2025-4706 HIGH
projectworlds Online Examination System 1.0 - SQL Injection via Visit_year Parameter
CVSS 7.3
CVE-2025-4705 HIGH
PHPGurukul Vehicle Parking Management System 1.13 - SQL Injection via viewid Parameter
CVSS 7.3
CVE-2025-4704 HIGH
PHPGurukul Vehicle Parking Management System 1.13 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-4703 HIGH
PHPGurukul Vehicle Parking Management System 1.13 - SQL Injection via Admin Profile Contact Number Parameter
CVSS 7.3
CVE-2025-4702 HIGH
PHPGurukul Vehicle Parking Management System 1.13 - SQL Injection via catename Parameter
CVSS 7.3
CVE-2025-46053 MEDIUM
WebERP 4.15.2 - SQL Injection via ReportID and ReplaceReportID Parameters
CVSS 5.1
CVE-2025-4699 HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4698 HIGH
PHPGurukul Directory Management System 2.0 - SQL Injection
CVSS 7.3
CVE-2025-46052 CRITICAL
WebERP 4.15.2 - SQL Injection via StockCounts.php DEL Form Field
CVSS 9.8
CVE-2025-4697 HIGH
PHPGurukul Directory Management System 2.0 - SQL Injection
CVSS 7.3
Details
Vulnerabilities 19,621
Exploit Likelihood High