CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,621 vulnerabilities with CWE-89
CVE-2025-4507
HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via Price Parameter in add-item.php
CVSS 7.3
CVE-2025-4506
HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via menu-router.php 1_price Parameter
CVSS 7.3
CVE-2025-4505
HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via categoryname Parameter
CVSS 7.3
CVE-2025-4504
HIGH
Online College Library System 1.0 - SQL Injection via Category Parameter
CVSS 7.3
CVE-2025-4503
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via Customer Update ID Parameter
CVSS 7.3
CVE-2025-4502
HIGH
Campcodes Sales and Inventory System 1.0 - SQL Injection via /pages/creditor_add.php
CVSS 7.3
CVE-2025-4492
HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via ticket_id Parameter
CVSS 7.3
CVE-2025-4491
HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via ticket_id Parameter
CVSS 7.3
CVE-2025-4490
HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via /view-ticket-admin.php ID Parameter
CVSS 7.3
CVE-2025-4489
HIGH
Campcodes Online Food Ordering System 1.0 - SQL Injection via t1_verified Parameter
CVSS 7.3
CVE-2025-4488
HIGH
Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-4487
HIGH
Gym Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-4486
HIGH
Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-4485
HIGH
Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-4484
HIGH
Gym Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-4483
HIGH
Gym Management System 1.0 - SQL Injection via /view_pdetails.php ID Parameter
CVSS 7.3
CVE-2025-4482
HIGH
Project Worlds Student Project Allocation System 1.0 - SQL Injection via Pat_BloodGroup1 Parameter
CVSS 7.3
CVE-2025-4481
HIGH
SourceCodester Apartment Visitor Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-46192
CRITICAL
SourceCodester Client Database Management System 1.0 - SQL Injection via order_id Parameter
CVSS 9.8
CVE-2025-46190
CRITICAL
SourceCodester Client Database Management System 1.0 - SQL Injection via order_id POST Parameter
CVSS 9.8
CVE-2025-46189
CRITICAL
SourceCodester Client Database Management System 1.0 - SQL Injection via order_id POST Parameter
CVSS 9.8
CVE-2025-46188
CRITICAL
SourceCodester Client Database Management System 1.0 - SQL Injection in superadmin_phpmyadmin.php
CVSS 9.8
CVE-2025-45885
CRITICAL
PHPGURUKUL Vehicle Parking Management System v1.13 - SQL Injection via Email Parameter
CVSS 9.8
CVE-2025-4467
HIGH
Online Student Clearance System 1.0 - SQL Injection via Edit Admin Page Parameters
CVSS 7.3
CVE-2025-4466
HIGH
Gym Management System 1.0 - SQL Injection via registration_id Parameter in /ajax.php
CVSS 7.3
Details
Vulnerabilities
19,621
Exploit Likelihood
High