CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,621 vulnerabilities with CWE-89
CVE-2025-4696 MEDIUM
PHPGurukul/Campcodes Cyber Cafe Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-4695 MEDIUM
PHPGurukul/Campcodes Cyber Cafe Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3834 HIGH
ManageEngine ADAudit Plus <= 8510 - Authenticated SQL Injection in OU History Report
CVSS 8.1
CVE-2025-3833 HIGH
ManageEngine ADSelfService Plus <= 6513 - Authenticated SQL Injection in MFA Reports
CVSS 8.1
CVE-2025-28056 CRITICAL
rebuild 3.9.0-3.9.3 - SQL Injection in Admin CLI Exec Component
CVSS 9.8
CVE-2025-44831 CRITICAL
EngineerCMS 1.02-2.0.5 - SQL Injection via Project Add Interface
CVSS 9.8
CVE-2025-28057 HIGH
owl_admin 3.2.2-4.10.2 - SQL Injection via /admin-api/system/admin_menus/save_order
CVSS 7.2
CVE-2025-40628 CRITICAL
DomainsPRO 1.2 - SQL Injection via Article.php d Parameter
CVE-2025-26390 CRITICAL
Siemens OZW672 and OZW772 Firmware < 6.0 - Unauthenticated SQL Injection in Authentication Check
CVSS 9.8
CVE-2025-3107 MEDIUM
Newsletters plugin <4.9.9.8 - SQL Injection
CVSS 6.5
CVE-2025-4396 HIGH
Relevanssi - A Better Search <4.24.4, <=2.27.4 - SQL Injection
CVSS 7.5
CVE-2025-47682 CRITICAL
Cozy Vision SMS Alert Order Notifications <= 3.8.1 - SQL Injection
CVSS 9.3
CVE-2025-44830 CRITICAL
EngineerCMS 1.02-2.0.5 - SQL Injection via /project/addprojtemplet Interface
CVSS 9.8
CVE-2025-4559 CRITICAL
ISOinsight from Netvision - SQL Injection
CVSS 9.8
CVE-2025-4554 HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-4553 HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-4550 HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via /admin/pass-details.php pid Parameter
CVSS 7.3
CVE-2025-4549 HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via Name Parameter in Register Router
CVSS 7.3
CVE-2025-4548 HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via Username Parameter in router.php
CVSS 7.3
CVE-2025-4543 HIGH
LyLme Spage 2.1 - SQL Injection via sort Argument
CVSS 7.3
CVE-2025-4541 MEDIUM
lmxcms 1.41 - SQL Injection via POST Request Handler sortid Parameter
CVSS 6.3
CVE-2025-4514 MEDIUM
mayicms < 5.8e - SQL Injection via /javascript.php Value Parameter
CVSS 6.3
CVE-2025-4510 MEDIUM
Changjietong UFIDA CRM 1.0 - SQL Injection
CVSS 6.3
CVE-2025-4509 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via ID Parameter in manage-notes.php
CVSS 7.3
CVE-2025-4508 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via fname Parameter
CVSS 7.3