CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,625 vulnerabilities with CWE-89
CVE-2025-3973 HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3972 HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3971 HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3968 MEDIUM
codeprojects News Publishing Site Dashboard 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3957 MEDIUM
opplus springboot-admin 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3956 MEDIUM
novel-cloud 1.4.0 - SQL Injection via BookInfoMapper.xml RestResp Function
CVSS 6.3
CVE-2025-46578 MEDIUM
ZTE ZXCloud GoldenDB 6.1.03-6.1.03.10 - SQL Injection
CVSS 6.5
CVE-2025-46577 MEDIUM
ZTE ZXCloud GoldenDB 6.1.03-6.1.03.10 - SQL Injection
CVSS 6.5
CVE-2025-3955 MEDIUM
Codeprojects Patient Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-25775 CRITICAL
Codeastro Bus Ticket Booking System v1.0 - SQL Injection via kodetiket Parameter
CVSS 9.8
CVE-2025-28076 MEDIUM
EasyVirt DCScope <=8.6.4 & CO2Scope <=1.3.4 - SQL Injection
CVSS 6.5
CVE-2025-46546 LOW
Sherpa Orchestrator 141851 - SQL Injection
CVSS 3.5
CVE-2025-29529 MEDIUM
ITC Systems Multiplan/Matrix OneCard <3.7.4.1002 - SQL Injection
CVSS 6.5
CVE-2025-46248 CRITICAL
M A Vinoth Kumar Frontend Dashboard <2.2.5 - SQL Injection
CVSS 9.3
CVE-2025-39377 HIGH
weDevs Appsero Helper <1.3.4 - SQL Injection
CVSS 8.5
CVE-2025-44135 MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via Username Parameter
CVSS 6.5
CVE-2025-44134 MEDIUM
Code-Projects Online Class and Exam Scheduling System 1.0 - SQL Injection via class Parameter
CVSS 6.5
CVE-2025-3872 HIGH
Centreon Web SQL Injection via Contact Form Payload
CVSS 7.2
CVE-2025-3280 MEDIUM
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <...
CVSS 6.5
CVE-2025-1520 HIGH
PostHog < 0.3.7 - Authenticated SQL Injection via ClickHouse Table Functions
CVSS 8.0
CVE-2025-32969 CRITICAL
XWiki REST API Query - SQL Injection
CVSS 9.8
CVE-2025-32968 HIGH
XWiki 1.6-15.10.15, 16.0-16.4.5, 16.5-16.10.0 - Authenticated Blind SQL Injection via HQL Query
CVSS 8.8
CVE-2025-43949 CRITICAL
MuM MapEdit <24.2.3 - SQL Injection
CVSS 9.8
CVE-2025-3767 HIGH
Centreon BAM <24.10.1-23.10.10 - SQL Injection
CVSS 7.2
CVE-2025-23176 HIGH
Tecnick TCExam 16.3.2 - SQL Injection
CVSS 8.8