CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,621 vulnerabilities with CWE-89
CVE-2025-4696
MEDIUM
PHPGurukul/Campcodes Cyber Cafe Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-4695
MEDIUM
PHPGurukul/Campcodes Cyber Cafe Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3834
HIGH
ManageEngine ADAudit Plus <= 8510 - Authenticated SQL Injection in OU History Report
CVSS 8.1
CVE-2025-3833
HIGH
ManageEngine ADSelfService Plus <= 6513 - Authenticated SQL Injection in MFA Reports
CVSS 8.1
CVE-2025-28056
CRITICAL
rebuild 3.9.0-3.9.3 - SQL Injection in Admin CLI Exec Component
CVSS 9.8
CVE-2025-44831
CRITICAL
EngineerCMS 1.02-2.0.5 - SQL Injection via Project Add Interface
CVSS 9.8
CVE-2025-28057
HIGH
owl_admin 3.2.2-4.10.2 - SQL Injection via /admin-api/system/admin_menus/save_order
CVSS 7.2
CVE-2025-40628
CRITICAL
DomainsPRO 1.2 - SQL Injection via Article.php d Parameter
CVE-2025-26390
CRITICAL
Siemens OZW672 and OZW772 Firmware < 6.0 - Unauthenticated SQL Injection in Authentication Check
CVSS 9.8
CVE-2025-3107
MEDIUM
Newsletters plugin <4.9.9.8 - SQL Injection
CVSS 6.5
CVE-2025-4396
HIGH
Relevanssi - A Better Search <4.24.4, <=2.27.4 - SQL Injection
CVSS 7.5
CVE-2025-47682
CRITICAL
Cozy Vision SMS Alert Order Notifications <= 3.8.1 - SQL Injection
CVSS 9.3
CVE-2025-44830
CRITICAL
EngineerCMS 1.02-2.0.5 - SQL Injection via /project/addprojtemplet Interface
CVSS 9.8
CVE-2025-4559
CRITICAL
ISOinsight from Netvision - SQL Injection
CVSS 9.8
CVE-2025-4554
HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-4553
HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-4550
HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via /admin/pass-details.php pid Parameter
CVSS 7.3
CVE-2025-4549
HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via Name Parameter in Register Router
CVSS 7.3
CVE-2025-4548
HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via Username Parameter in router.php
CVSS 7.3
CVE-2025-4543
HIGH
LyLme Spage 2.1 - SQL Injection via sort Argument
CVSS 7.3
CVE-2025-4541
MEDIUM
lmxcms 1.41 - SQL Injection via POST Request Handler sortid Parameter
CVSS 6.3
CVE-2025-4514
MEDIUM
mayicms < 5.8e - SQL Injection via /javascript.php Value Parameter
CVSS 6.3
CVE-2025-4510
MEDIUM
Changjietong UFIDA CRM 1.0 - SQL Injection
CVSS 6.3
CVE-2025-4509
HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via ID Parameter in manage-notes.php
CVSS 7.3
CVE-2025-4508
HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via fname Parameter
CVSS 7.3
Details
Vulnerabilities: 19,621
Exploit Likelihood: High