CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,623 vulnerabilities with CWE-89
CVE-2025-4226 HIGH
PHPGurukul/Campcodes Cyber Cafe Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4214 HIGH
PHPGurukul Online DJ Booking Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4213 HIGH
PHPGurukul Online Birth Certificate System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4204 HIGH
WordPress Ultimate Auction Pro <1.5.2 - SQL Injection
CVSS 7.5
CVE-2025-2812 CRITICAL
Mydata Ticket Sales Automation < 2025-04-03 - Blind SQL Injection
CVSS 9.8
CVE-2025-3708 CRITICAL
Le-show Le-yan < 3.2.25 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2025-3707 MEDIUM
sun.net ehrd_ctms < 10.13 - Authenticated SQL Injection
CVSS 6.5
CVE-2025-4197 MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via edit_xpatient.php lastname Parameter
CVSS 6.3
CVE-2025-4196 MEDIUM
SourceCodester Patient Record Management System 1.0 - SQL Injection via birthing.php comp_id Parameter
CVSS 6.3
CVE-2025-4195 HIGH
Gym Management System 1.0 - SQL Injection via umember_id Parameter in /ajax.php
CVSS 7.3
CVE-2025-4193 HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via Category Parameter in category_update.php
CVSS 7.3
CVE-2025-4192 HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via Category Parameter in /admin/category_save.php
CVSS 7.3
CVE-2025-4191 HIGH
PHPGurukul Employee Record Management System 1.3 - SQL Injection via editmyeducation.php coursepg/yophsc Parameter
CVSS 7.3
CVE-2025-4176 HIGH
PHPGurukul Blood Bank & Donor Management System 2.4 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-4174 HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2025-46337 CRITICAL
ADOdb < 5.22.9 - SQL Injection via pg_insert_id()
CVSS 10.0
CVE-2025-4173 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Master.php delete_cart ID Parameter
CVSS 6.3
CVE-2025-4164 HIGH
PHPGurukul Employee Record Management System 1.3 - SQL Injection via changepassword.php currentpassword Parameter
CVSS 7.3
CVE-2025-4163 MEDIUM
PHPGurukul Land Record System 1.0 - SQL Injection via pagetitle Parameter
CVSS 6.3
CVE-2025-4157 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection via Status Parameter in Booking Details
CVSS 6.3
CVE-2025-4156 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection via /admin/change-image.php ID Parameter
CVSS 6.3
CVE-2025-4155 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection via /admin/edit-boat.php bid Parameter
CVSS 6.3
CVE-2025-4154 MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via Status Parameter in /admin/enrollment-details.php
CVSS 6.3
CVE-2025-4153 HIGH
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via adminname Parameter
CVSS 7.3
CVE-2025-4152 HIGH
PHPGurukul Online Birth Certificate System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3