CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,623 vulnerabilities with CWE-89
CVE-2025-4363
HIGH
Gym Management System 1.0 - SQL Injection via /ajax.php rid Parameter
CVSS 7.3
CVE-2025-4362
HIGH
Gym Management System 1.0 - SQL Injection via member_id Parameter in save_membership Action
CVSS 7.3
CVE-2025-4361
HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection via Department Name Parameter
CVSS 7.3
CVE-2025-4360
HIGH
Gym Management System 1.0 - SQL Injection via /view_member.php ID Parameter
CVSS 7.3
CVE-2025-4359
HIGH
Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-4358
HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection via admin-profile.php
CVSS 7.3
CVE-2025-4353
MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via dictCn1 Parameter
CVSS 6.3
CVE-2025-4352
MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via custTradeId Parameter
CVSS 6.3
CVE-2025-40624
CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via User and Email Parameters
CVSS 9.8
CVE-2025-40623
CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via Sender and Email Parameters
CVSS 9.8
CVE-2025-40622
CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via Username Parameter
CVSS 9.8
CVE-2025-40621
CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via ValidateUserAndGetData User Parameter
CVSS 9.8
CVE-2025-40620
CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via ValidateUserAndWS User Parameter
CVSS 9.8
CVE-2025-2011
HIGH
WordPress Depicter Plugin SQL Injection (CVE-2025-2011)
CVSS 7.5
CVE-2025-4332
HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection via editid/remark Parameter
CVSS 7.3
CVE-2025-4331
HIGH
Online Student Clearance System 1.0 - SQL Injection via Admin Login Parameters
CVSS 7.3
CVE-2025-4314
HIGH
Advanced Web Store 1.0 - SQL Injection via txtLogin Parameter
CVSS 7.3
CVE-2025-4313
HIGH
Advanced Web Store 1.0 - SQL Injection via txtProdId Parameter
CVSS 7.3
CVE-2025-4312
HIGH
Advanced Web Store 1.0 - SQL Injection via prodid Parameter in productdetail.php
CVSS 7.3
CVE-2025-4311
HIGH
itsourcecode Content Management System 1.0 - SQL Injection via stopic_id Parameter
CVSS 7.3
CVE-2025-4309
HIGH
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via arttype Parameter
CVSS 7.3
CVE-2025-4308
HIGH
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via arttype Parameter in add-art-type.php
CVSS 7.3
CVE-2025-4307
HIGH
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via /admin/add-art-medium.php artmed Parameter
CVSS 7.3
CVE-2025-4306
HIGH
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 7.3
CVE-2025-4304
HIGH
PHPGurukul Cyber Cafe Management System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 7.3
Details
Vulnerabilities: 19,623
Exploit Likelihood: High