CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,625 vulnerabilities with CWE-89
CVE-2025-3973
HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3972
HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3971
HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3968
MEDIUM
codeprojects News Publishing Site Dashboard 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3957
MEDIUM
opplus springboot-admin 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3956
MEDIUM
novel-cloud 1.4.0 - SQL Injection via BookInfoMapper.xml RestResp Function
CVSS 6.3
CVE-2025-46578
MEDIUM
ZTE ZXCloud GoldenDB 6.1.03-6.1.03.10 - SQL Injection
CVSS 6.5
CVE-2025-46577
MEDIUM
ZTE ZXCloud GoldenDB 6.1.03-6.1.03.10 - SQL Injection
CVSS 6.5
CVE-2025-3955
MEDIUM
Codeprojects Patient Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-25775
CRITICAL
Codeastro Bus Ticket Booking System v1.0 - SQL Injection via kodetiket Parameter
CVSS 9.8
CVE-2025-28076
MEDIUM
EasyVirt DCScope <=8.6.4 & CO2Scope <=1.3.4 - SQL Injection
CVSS 6.5
CVE-2025-46546
LOW
Sherpa Orchestrator 141851 - SQL Injection
CVSS 3.5
CVE-2025-29529
MEDIUM
ITC Systems Multiplan/Matrix OneCard <3.7.4.1002 - SQL Injection
CVSS 6.5
CVE-2025-46248
CRITICAL
M A Vinoth Kumar Frontend Dashboard <2.2.5 - SQL Injection
CVSS 9.3
CVE-2025-39377
HIGH
weDevs Appsero Helper <1.3.4 - SQL Injection
CVSS 8.5
CVE-2025-44135
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via Username Parameter
CVSS 6.5
CVE-2025-44134
MEDIUM
Code-Projects Online Class and Exam Scheduling System 1.0 - SQL Injection via class Parameter
CVSS 6.5
CVE-2025-3872
HIGH
Centreon Web SQL Injection via Contact Form Payload
CVSS 7.2
CVE-2025-3280
MEDIUM
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <...
CVSS 6.5
CVE-2025-1520
HIGH
PostHog < 0.3.7 - Authenticated SQL Injection via ClickHouse Table Functions
CVSS 8.0
CVE-2025-32969
CRITICAL
XWiki REST API Query - SQL Injection
CVSS 9.8
CVE-2025-32968
HIGH
XWiki 1.6-15.10.15, 16.0-16.4.5, 16.5-16.10.0 - Authenticated Blind SQL Injection via HQL Query
CVSS 8.8
CVE-2025-43949
CRITICAL
MuM MapEdit <24.2.3 - SQL Injection
CVSS 9.8
CVE-2025-3767
HIGH
Centreon BAM <24.10.1-23.10.10 - SQL Injection
CVSS 7.2
CVE-2025-23176
HIGH
Tecnick TCExam 16.3.2 - SQL Injection
CVSS 8.8
Details
Vulnerabilities: 19,625
Exploit Likelihood: High