CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,623 vulnerabilities with CWE-89
CVE-2025-4226
HIGH
PHPGurukul/Campcodes Cyber Cafe Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4214
HIGH
PHPGurukul Online DJ Booking Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4213
HIGH
PHPGurukul Online Birth Certificate System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-4204
HIGH
WordPress Ultimate Auction Pro <1.5.2 - SQL Injection
CVSS 7.5
CVE-2025-2812
CRITICAL
Mydata Ticket Sales Automation < 2025-04-03 - Blind SQL Injection
CVSS 9.8
CVE-2025-3708
CRITICAL
Le-show Le-yan < 3.2.25 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2025-3707
MEDIUM
sun.net ehrd_ctms < 10.13 - Authenticated SQL Injection
CVSS 6.5
CVE-2025-4197
MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via edit_xpatient.php lastname Parameter
CVSS 6.3
CVE-2025-4196
MEDIUM
SourceCodester Patient Record Management System 1.0 - SQL Injection via birthing.php comp_id Parameter
CVSS 6.3
CVE-2025-4195
HIGH
Gym Management System 1.0 - SQL Injection via umember_id Parameter in /ajax.php
CVSS 7.3
CVE-2025-4193
HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via Category Parameter in category_update.php
CVSS 7.3
CVE-2025-4192
HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via Category Parameter in /admin/category_save.php
CVSS 7.3
CVE-2025-4191
HIGH
PHPGurukul Employee Record Management System 1.3 - SQL Injection via editmyeducation.php coursepg/yophsc Parameter
CVSS 7.3
CVE-2025-4176
HIGH
PHPGurukul Blood Bank & Donor Management System 2.4 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-4174
HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2025-46337
CRITICAL
ADOdb < 5.22.9 - SQL Injection via pg_insert_id()
CVSS 10.0
CVE-2025-4173
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Master.php delete_cart ID Parameter
CVSS 6.3
CVE-2025-4164
HIGH
PHPGurukul Employee Record Management System 1.3 - SQL Injection via changepassword.php currentpassword Parameter
CVSS 7.3
CVE-2025-4163
MEDIUM
PHPGurukul Land Record System 1.0 - SQL Injection via pagetitle Parameter
CVSS 6.3
CVE-2025-4157
MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection via Status Parameter in Booking Details
CVSS 6.3
CVE-2025-4156
MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection via /admin/change-image.php ID Parameter
CVSS 6.3
CVE-2025-4155
MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection via /admin/edit-boat.php bid Parameter
CVSS 6.3
CVE-2025-4154
MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via Status Parameter in /admin/enrollment-details.php
CVSS 6.3
CVE-2025-4153
HIGH
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via adminname Parameter
CVSS 7.3
CVE-2025-4152
HIGH
PHPGurukul Online Birth Certificate System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3