CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,623 vulnerabilities with CWE-89
CVE-2025-4151 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3
CVE-2025-44194 HIGH
Simple Barangay Management System 1.0 - SQL Injection via view_household Page
CVSS 7.3
CVE-2025-44193 HIGH
Simple Barangay Management System 1.0 - SQL Injection via View Complaint Page
CVSS 7.6
CVE-2025-44192 CRITICAL
Simple Barangay Management System 1.0 - SQL Injection via view_clearance Page
CVSS 9.8
CVE-2025-45021 MEDIUM
PHPGurukul Directory Management System 2.0 - SQL Injection via Email Parameter
CVSS 5.3
CVE-2025-45019 MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via cprice Parameter
CVSS 5.4
CVE-2025-45018 CRITICAL
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via todate Parameter
CVSS 9.8
CVE-2025-45017 CRITICAL
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via edit-ticket.php tprice Parameter
CVSS 9.8
CVE-2025-45020 HIGH
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via todate Parameter
CVSS 7.2
CVE-2025-4113 MEDIUM
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-4112 HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via Course-Short Parameter
CVSS 7.3
CVE-2025-4111 MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via Status Parameter
CVSS 6.3
CVE-2025-4110 MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 6.3
CVE-2025-4109 MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 6.3
CVE-2025-4108 HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via sub1 Parameter in add-subject.php
CVSS 7.3
CVE-2025-2890 MEDIUM
TagDiv Opt-In Builder <1.7 - SQL Injection
CVSS 6.5
CVE-2025-4080 MEDIUM
PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-4074 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via fromdate/todate Parameter
CVSS 7.3
CVE-2025-4073 HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via Change Password Current Password Parameter
CVSS 7.3
CVE-2025-4072 MEDIUM
PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via /admin/edit-nurse.php
CVSS 6.3
CVE-2025-45956 HIGH
Sourcecodester Computer Laboratory Management System 1.0 - SQL Injection via manage_damage.php
CVSS 8.8
CVE-2025-4071 HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection via Status Parameter
CVSS 7.3
CVE-2025-4070 HIGH
PHPGurukul Rail Pass Management System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-40618 CRITICAL
Bookgy - SQL Injection via IDRESERVA Parameter
CVSS 9.8
CVE-2025-40617 CRITICAL
Bookgy - SQL Injection via IDTIPO IDPISTA IDSOCIO Parameters
CVSS 9.8