CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,623 vulnerabilities with CWE-89
CVE-2025-4303 HIGH
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQL Injection via empid Parameter
CVSS 7.3
CVE-2025-4301 HIGH
itsourcecode Content Management System 1.0 - SQL Injection via searchdata Parameter in search-notice.php
CVSS 7.3
CVE-2025-4300 HIGH
itsourcecode Content Management System 1.0 - SQL Injection via Search Parameter in search_list.php
CVSS 7.3
CVE-2025-4297 HIGH
PHPGurukul Men Salon Management System 2.0 - SQL Injection
CVSS 7.3
CVE-2025-44074 CRITICAL
SeaCMS v13.3 - SQL Injection via admin_topic.php
CVSS 9.8
CVE-2025-44072 CRITICAL
SeaCMS v13.3 - SQL Injection via admin_manager.php
CVSS 9.8
CVE-2025-4283 HIGH
SourceCodester/oretnom23 Stock Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-45240 MEDIUM
foxcms v1.2.5 - SQL Injection via DataBackup.php executeCommand Method
CVSS 6.5
CVE-2025-45322 HIGH
kashipara Online Service Management Portal V1.0 - SQL Injection via CheckStatus checkid Parameter
CVSS 8.8
CVE-2025-45321 HIGH
kashipara Online Service Management Portal V1.0 - SQL Injection via rPassword Parameter
CVSS 8.8
CVE-2025-26241 MEDIUM
osTicket <=1.17.5 - Authenticated SQL Injection via Search Keywords and Topic ID
CVSS 6.5
CVE-2025-4267 MEDIUM
SourceCodester/oretnom23 Stock Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2025-4266 HIGH
PHPGurukul Notice Board System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4265 HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4264 HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4263 HIGH
PHPGurukul Online DJ Booking Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4262 HIGH
PHPGurukul Online DJ Booking Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4250 HIGH
Nero Social Networking Site 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4249 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4248 MEDIUM
SourceCodester Simple To-Do List System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-4247 MEDIUM
SourceCodester Simple To-Do List System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-4244 MEDIUM
code-projects Online Bus Reservation System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-4243 MEDIUM
code-projects Online Bus Reservation System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-4242 HIGH
PHPGurukul Online Birth Certificate System 2.0 - SQL Injection
CVSS 7.3
CVE-2025-4241 HIGH
PHPGurukul Teacher Subject Allocation Management System 1.0 - SQL I...
CVSS 7.3