CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,623 vulnerabilities with CWE-89
CVE-2025-4363 HIGH
Gym Management System 1.0 - SQL Injection via /ajax.php rid Parameter
CVSS 7.3
CVE-2025-4362 HIGH
Gym Management System 1.0 - SQL Injection via member_id Parameter in save_membership Action
CVSS 7.3
CVE-2025-4361 HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection via Department Name Parameter
CVSS 7.3
CVE-2025-4360 HIGH
Gym Management System 1.0 - SQL Injection via /view_member.php ID Parameter
CVSS 7.3
CVE-2025-4359 HIGH
Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 7.3
CVE-2025-4358 HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection via admin-profile.php
CVSS 7.3
CVE-2025-4353 MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via dictCn1 Parameter
CVSS 6.3
CVE-2025-4352 MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via custTradeId Parameter
CVSS 6.3
CVE-2025-40624 CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via User and Email Parameters
CVSS 9.8
CVE-2025-40623 CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via Sender and Email Parameters
CVSS 9.8
CVE-2025-40622 CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via Username Parameter
CVSS 9.8
CVE-2025-40621 CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via ValidateUserAndGetData User Parameter
CVSS 9.8
CVE-2025-40620 CRITICAL
TCMAN GIM v11 - Unauthenticated SQL Injection via ValidateUserAndWS User Parameter
CVSS 9.8
CVE-2025-2011 HIGH
WordPress Depicter Plugin SQL Injection (CVE-2025-2011)
CVSS 7.5
CVE-2025-4332 HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection via editid/remark Parameter
CVSS 7.3
CVE-2025-4331 HIGH
Online Student Clearance System 1.0 - SQL Injection via Admin Login Parameters
CVSS 7.3
CVE-2025-4314 HIGH
Advanced Web Store 1.0 - SQL Injection via txtLogin Parameter
CVSS 7.3
CVE-2025-4313 HIGH
Advanced Web Store 1.0 - SQL Injection via txtProdId Parameter
CVSS 7.3
CVE-2025-4312 HIGH
Advanced Web Store 1.0 - SQL Injection via prodid Parameter in productdetail.php
CVSS 7.3
CVE-2025-4311 HIGH
itsourcecode Content Management System 1.0 - SQL Injection via stopic_id Parameter
CVSS 7.3
CVE-2025-4309 HIGH
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via arttype Parameter
CVSS 7.3
CVE-2025-4308 HIGH
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via arttype Parameter in add-art-type.php
CVSS 7.3
CVE-2025-4307 HIGH
PHPGurukul Art Gallery Management System 1.1 - SQL Injection via /admin/add-art-medium.php artmed Parameter
CVSS 7.3
CVE-2025-4306 HIGH
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 7.3
CVE-2025-4304 HIGH
PHPGurukul Cyber Cafe Management System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 7.3