CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,621 vulnerabilities with CWE-89
CVE-2025-4465 | HIGH | CVSS 7.3 | Gym Management System 1.0 - SQL Injection via member_id Parameter in save_schedule Action
CVE-2025-4464 | HIGH | CVSS 7.3 | Gym Management System 1.0 - SQL Injection via /ajax.php Plan Parameter
CVE-2025-4463 | HIGH | CVSS 7.3 | Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVE-2025-4459 | MEDIUM | CVSS 6.3 | code-projects Patient Record Management System 1.0 - SQL Injection via fecalysis_form.php itr_no Parameter
CVE-2025-4458 | MEDIUM | CVSS 6.3 | code-projects Patient Record Management System 1.0 - SQL Injection via /edit_upatient.php ID Parameter
CVE-2025-4457 | HIGH | CVSS 7.3 | Project Worlds Car Rental Project 1.0 - SQL Injection via /admin/approve.php ID Parameter
CVE-2025-4456 | HIGH | CVSS 7.3 | Project Worlds Car Rental Project 1.0 - SQL Injection via Signup Page Fname Parameter
CVE-2025-45820 | MEDIUM | CVSS 6.5 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 - SQL Injection in pop_author_edit.php
CVE-2025-45819 | MEDIUM | CVSS 6.5 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 - SQL Injection in Author Module
CVE-2025-45818 | MEDIUM | CVSS 6.5 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 - SQL Injection in Item Status Module
CVE-2025-46828 | CRITICAL | CVSS 9.8 | WeGIA <= 3.3.0 - Unauthenticated SQL Injection via /html/socio/sistema/get_socios.php Query Parameter
CVE-2025-47657 | CRITICAL | CVSS 9.3 | Productive Minds Productive Commerce <1.1.22 - SQL Injection
CVE-2025-47643 | HIGH | CVSS 7.6 | ELEX Product Feed for WooCommerce <3.1.2 - SQL Injection
CVE-2025-47587 | HIGH | CVSS 7.6 | YayCommerce YaySMTP <= 2.6.4 - Blind SQL Injection
CVE-2025-47544 | HIGH | CVSS 7.6 | Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.8 - Blind SQL Injection
CVE-2025-47538 | HIGH | CVSS 7.6 | Cart tracking for WooCommerce <= 1.0.17 - SQL Injection
CVE-2025-47537 | HIGH | CVSS 7.6 | add-ons.org PDF Invoices <5.3.8 - SQL Injection
CVE-2025-47490 | HIGH | CVSS 8.5 | Rustaurius Ultimate WP Mail <1.3.4 - SQL Injection
CVE-2025-47460 | HIGH | CVSS 7.6 | TrackShip for WooCommerce <1.9.1 - SQL Injection
CVE-2025-29153 | MEDIUM | CVSS 5.4 | lemeconsultoria HCM galera.app 4.58.0 - SQL Injection via Data Export Filters
CVE-2025-0668 | CRITICAL | CVSS 9.8 | BOINC Server < 1.4.5 - Stored Cross-Site Scripting
CVE-2025-0853 | HIGH | CVSS 7.5 | PGS Core <= 5.8.0 - Unauthenticated SQL Injection via Event Parameter in save_header_builder Function
CVE-2025-44073 | CRITICAL | CVSS 9.8 | SeaCMS v13.3 - SQL Injection via admin_comment_news.php
CVE-2025-4363 | HIGH | CVSS 7.3 | Gym Management System 1.0 - SQL Injection via /ajax.php rid Parameter
CVE-2025-4362 | HIGH | CVSS 7.3 | Gym Management System 1.0 - SQL Injection via member_id Parameter in save_membership Action