CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,621 vulnerabilities with CWE-89
CVE-2025-4465
HIGH
Gym Management System 1.0 - SQL Injection via member_id Parameter in save_schedule Action
CVSS 7.3
CVE-2025-4464
HIGH
Gym Management System 1.0 - SQL Injection via /ajax.php Plan Parameter
CVSS 7.3
CVE-2025-4463
HIGH
Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-4459
MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via fecalysis_form.php itr_no Parameter
CVSS 6.3
CVE-2025-4458
MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via /edit_upatient.php ID Parameter
CVSS 6.3
CVE-2025-4457
HIGH
Project Worlds Car Rental Project 1.0 - SQL Injection via /admin/approve.php ID Parameter
CVSS 7.3
CVE-2025-4456
HIGH
Project Worlds Car Rental Project 1.0 - SQL Injection via Signup Page Fname Parameter
CVSS 7.3
CVE-2025-45820
MEDIUM
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 - SQL Injection in pop_author_edit.php
CVSS 6.5
CVE-2025-45819
MEDIUM
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 - SQL Injection in Author Module
CVSS 6.5
CVE-2025-45818
MEDIUM
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 - SQL Injection in Item Status Module
CVSS 6.5
CVE-2025-46828
CRITICAL
WeGIA <= 3.3.0 - Unauthenticated SQL Injection via /html/socio/sistema/get_socios.php Query Parameter
CVSS 9.8
CVE-2025-47657
CRITICAL
Productive Minds Productive Commerce <1.1.22 - SQL Injection
CVSS 9.3
CVE-2025-47643
HIGH
ELEX Product Feed for WooCommerce <3.1.2 - SQL Injection
CVSS 7.6
CVE-2025-47587
HIGH
YayCommerce YaySMTP <= 2.6.4 - Blind SQL Injection
CVSS 7.6
CVE-2025-47544
HIGH
Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.8 - Blind SQL Injection
CVSS 7.6
CVE-2025-47538
HIGH
Cart tracking for WooCommerce <= 1.0.17 - SQL Injection
CVSS 7.6
CVE-2025-47537
HIGH
add-ons.org PDF Invoices <5.3.8 - SQL Injection
CVSS 7.6
CVE-2025-47490
HIGH
Rustaurius Ultimate WP Mail <1.3.4 - SQL Injection
CVSS 8.5
CVE-2025-47460
HIGH
TrackShip for WooCommerce <1.9.1 - SQL Injection
CVSS 7.6
CVE-2025-29153
MEDIUM
lemeconsultoria HCM galera.app 4.58.0 - SQL Injection via Data Export Filters
CVSS 5.4
CVE-2025-0668
CRITICAL
BOINC Server < 1.4.5 - Stored Cross-Site Scripting
CVSS 9.8
CVE-2025-0853
HIGH
PGS Core <= 5.8.0 - Unauthenticated SQL Injection via Event Parameter in save_header_builder Function
CVSS 7.5
CVE-2025-44073
CRITICAL
SeaCMS v13.3 - SQL Injection via admin_comment_news.php
CVSS 9.8
CVE-2025-4363
HIGH
Gym Management System 1.0 - SQL Injection via /ajax.php rid Parameter
CVSS 7.3
CVE-2025-4362
HIGH
Gym Management System 1.0 - SQL Injection via member_id Parameter in save_membership Action
CVSS 7.3
Details
Vulnerabilities: 19,621
Exploit Likelihood: High