CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,621 vulnerabilities with CWE-89
CVE-2025-4718
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via customer_add.php last Parameter
CVSS 7.3
CVE-2025-4717
HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection via fullname Parameter
CVSS 7.3
CVE-2025-4716
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via prod_name Parameter
CVSS 7.3
CVE-2025-4715
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via cid Parameter in view_application.php
CVSS 7.3
CVE-2025-47785
HIGH
emlog <= 2.5.9 - Authenticated SQL Injection via $origContent Parameter
CVSS 8.3
CVE-2025-2248
MEDIUM
WP-PManager < 1.2 - Authenticated SQL Injection
CVSS 5.4
CVE-2025-2203
MEDIUM
FunnelKit Funnel Builder < 3.10.2 - Authenticated SQL Injection
CVSS 6.1
CVE-2025-4714
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Reprint Page sid Parameter
CVSS 7.3
CVE-2025-4713
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Print Page SID Parameter
CVSS 7.3
CVE-2025-4712
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via cid Parameter in Account Summary Page
CVSS 7.3
CVE-2025-4711
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via prod_name Parameter
CVSS 7.3
CVE-2025-4710
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Transaction Page CID Parameter
CVSS 7.3
CVE-2025-4709
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via /pages/transaction_del.php ID Parameter
CVSS 7.3
CVE-2025-4708
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via discount Parameter in sales_add.php
CVSS 7.3
CVE-2025-4707
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via prod_name Parameter
CVSS 7.3
CVE-2025-4706
HIGH
projectworlds Online Examination System 1.0 - SQL Injection via Visit_year Parameter
CVSS 7.3
CVE-2025-4705
HIGH
PHPGurukul Vehicle Parking Management System 1.13 - SQL Injection via viewid Parameter
CVSS 7.3
CVE-2025-4704
HIGH
PHPGurukul Vehicle Parking Management System 1.13 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-4703
HIGH
PHPGurukul Vehicle Parking Management System 1.13 - SQL Injection via Admin Profile Contact Number Parameter
CVSS 7.3
CVE-2025-4702
HIGH
PHPGurukul Vehicle Parking Management System 1.13 - SQL Injection via catename Parameter
CVSS 7.3
CVE-2025-46053
MEDIUM
WebERP 4.15.2 - SQL Injection via ReportID and ReplaceReportID Parameters
CVSS 5.1
CVE-2025-4699
HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4698
HIGH
PHPGurukul Directory Management System 2.0 - SQL Injection
CVSS 7.3
CVE-2025-46052
CRITICAL
WebERP 4.15.2 - SQL Injection via StockCounts.php DEL Form Field
CVSS 9.8
CVE-2025-4697
HIGH
PHPGurukul Directory Management System 2.0 - SQL Injection
CVSS 7.3
Details
Vulnerabilities
19,621
Exploit Likelihood
High