CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,623 vulnerabilities with CWE-89
CVE-2025-4151
HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3
CVE-2025-44194
HIGH
Simple Barangay Management System 1.0 - SQL Injection via view_household Page
CVSS 7.3
CVE-2025-44193
HIGH
Simple Barangay Management System 1.0 - SQL Injection via View Complaint Page
CVSS 7.6
CVE-2025-44192
CRITICAL
Simple Barangay Management System 1.0 - SQL Injection via view_clearance Page
CVSS 9.8
CVE-2025-45021
MEDIUM
PHPGurukul Directory Management System 2.0 - SQL Injection via Email Parameter
CVSS 5.3
CVE-2025-45019
MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via cprice Parameter
CVSS 5.4
CVE-2025-45018
CRITICAL
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via todate Parameter
CVSS 9.8
CVE-2025-45017
CRITICAL
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via edit-ticket.php tprice Parameter
CVSS 9.8
CVE-2025-45020
HIGH
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via todate Parameter
CVSS 7.2
CVE-2025-4113
MEDIUM
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-4112
HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via Course-Short Parameter
CVSS 7.3
CVE-2025-4111
MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via Status Parameter
CVSS 6.3
CVE-2025-4110
MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 6.3
CVE-2025-4109
MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 6.3
CVE-2025-4108
HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via sub1 Parameter in add-subject.php
CVSS 7.3
CVE-2025-2890
MEDIUM
TagDiv Opt-In Builder <1.7 - SQL Injection
CVSS 6.5
CVE-2025-4080
MEDIUM
PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-4074
HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via fromdate/todate Parameter
CVSS 7.3
CVE-2025-4073
HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via Change Password Current Password Parameter
CVSS 7.3
CVE-2025-4072
MEDIUM
PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via /admin/edit-nurse.php
CVSS 6.3
CVE-2025-45956
HIGH
Sourcecodester Computer Laboratory Management System 1.0 - SQL Injection via manage_damage.php
CVSS 8.8
CVE-2025-4071
HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection via Status Parameter
CVSS 7.3
CVE-2025-4070
HIGH
PHPGurukul Rail Pass Management System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-40618
CRITICAL
Bookgy - SQL Injection via IDRESERVA Parameter
CVSS 9.8
CVE-2025-40617
CRITICAL
Bookgy - SQL Injection via IDTIPO IDPISTA IDSOCIO Parameters
CVSS 9.8
Details
Vulnerabilities: 19,623
Exploit Likelihood: High