CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,621 vulnerabilities with CWE-89
CVE-2025-4507 HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via Price Parameter in add-item.php
CVSS 7.3
CVE-2025-4506 HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via menu-router.php 1_price Parameter
CVSS 7.3
CVE-2025-4505 HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via categoryname Parameter
CVSS 7.3
CVE-2025-4504 HIGH
Online College Library System 1.0 - SQL Injection via Category Parameter
CVSS 7.3
CVE-2025-4503 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Customer Update ID Parameter
CVSS 7.3
CVE-2025-4502 HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via /pages/creditor_add.php
CVSS 7.3
CVE-2025-4492 HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via ticket_id Parameter
CVSS 7.3
CVE-2025-4491 HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via ticket_id Parameter
CVSS 7.3
CVE-2025-4490 HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via /view-ticket-admin.php ID Parameter
CVSS 7.3
CVE-2025-4489 HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via t1_verified Parameter
CVSS 7.3
CVE-2025-4488 HIGH
Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-4487 HIGH
Gym Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-4486 HIGH
Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-4485 HIGH
Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-4484 HIGH
Gym Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-4483 HIGH
Gym Management System 1.0 - SQL Injection via /view_pdetails.php ID Parameter
CVSS 7.3
CVE-2025-4482 HIGH
Project Worlds Student Project Allocation System 1.0 - SQL Injection via Pat_BloodGroup1 Parameter
CVSS 7.3
CVE-2025-4481 HIGH
SourceCodester Apartment Visitor Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-46192 CRITICAL
SourceCodester Client Database Management System 1.0 - SQL Injection via order_id Parameter
CVSS 9.8
CVE-2025-46190 CRITICAL
SourceCodester Client Database Management System 1.0 - SQL Injection via order_id POST Parameter
CVSS 9.8
CVE-2025-46189 CRITICAL
SourceCodester Client Database Management System 1.0 - SQL Injection via order_id POST Parameter
CVSS 9.8
CVE-2025-46188 CRITICAL
SourceCodester Client Database Management System 1.0 - SQL Injection in superadmin_phpmyadmin.php
CVSS 9.8
CVE-2025-45885 CRITICAL
PHPGURUKUL Vehicle Parking Management System v1.13 - SQL Injection via Email Parameter
CVSS 9.8
CVE-2025-4467 HIGH
Online Student Clearance System 1.0 - SQL Injection via Edit Admin Page Parameters
CVSS 7.3
CVE-2025-4466 HIGH
Gym Management System 1.0 - SQL Injection via registration_id Parameter in /ajax.php
CVSS 7.3