CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,625 vulnerabilities with CWE-89
CVE-2025-46252 (HIGH, CVSS 7.6): kofimokome Message Filter <1.6.3.2 - SQL Injection
CVE-2025-46242 (HIGH, CVSS 7.6): Watu Quiz <= 3.4.3 - SQL Injection
CVE-2025-3856 (MEDIUM, CVSS 6.3): xxyopen Novel-Plus 5.1.0 - SQL Injection via searchByPage Sort Parameter
CVE-2025-3847 (HIGH, CVSS 7.3): markparticle WebServer <= 1.0 - SQL Injection via Login Username/Password Parameter
CVE-2025-3846 (HIGH, CVSS 7.3): markparticle WebServer <= 1.0 - SQL Injection via Registration Username/Password
CVE-2025-32956 (HIGH, CVSS 8.0): ManageWiki < 2025-04-20 - SQL Injection via Namespace Renaming
CVE-2025-25228 (LOW, CVSS 3.8): VirtueMart 1.0.0-4.4.7 - SQL Injection
CVE-2025-3829 (HIGH, CVSS 7.3): PHPGurukul Men Salon Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVE-2025-3828 (HIGH, CVSS 7.3): PHPGurukul Men Salon Management System 1.0 - SQL Injection via Remark Parameter
CVE-2025-3827 (HIGH, CVSS 7.3): PHPGurukul Men Salon Management System 1.0 - SQL Injection via Forgot Password Email Parameter
CVE-2025-3819 (HIGH, CVSS 7.3): PHPGurukul Men Salon Management System 1.0 - SQL Injection via searchdata Parameter
CVE-2025-3818 (MEDIUM, CVSS 6.3): web.py 0.70 - SQL Injection via PostgresDB._process_insert_query
CVE-2025-3817 (MEDIUM, CVSS 6.3): SourceCodester Online Eyewear Shop 1.0 - SQL Injection via ID Parameter in Master.php
CVE-2025-3800 (HIGH, CVSS 7.3): WCMS 11 - SQL Injection via AnonymousController.php mobile_phone Parameter
CVE-2025-3799 (HIGH, CVSS 7.3): WCMS 11 - SQL Injection via AnonymousController.php Email/Username Parameter
CVE-2025-3797 (MEDIUM, CVSS 4.7): SeaCMS < 13.3 - SQL Injection via e_id Parameter in admin_topic.php
CVE-2025-2010 (HIGH, CVSS 7.5): JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin ...
CVE-2025-3796 (MEDIUM, CVSS 6.3): PHPGurukul Men Salon Management System 1.0 - SQL Injection
CVE-2025-32389 (MEDIUM, CVSS 6.5): NamelessMC < 2.1.4 - SQL Injection via Square Bracket GET Parameter Syntax
CVE-2025-3792 (MEDIUM, CVSS 4.7): SeaCMS < 13.3 - SQL Injection via e_id Parameter in admin_link.php
CVE-2025-39471 (CRITICAL, CVSS 9.3): Pantherius Modal Survey <2.0.2.0.1 - SQL Injection
CVE-2025-28009 (CRITICAL, CVSS 9.8): Dietiqa 1.0.20 - SQL Injection via Progress Body Weight Endpoint u Parameter
CVE-2025-29181 (HIGH, CVSS 7.2): foxcms <= 1.25 - SQL Injection via $param['title'] in Field.php
CVE-2025-29180 (HIGH, CVSS 7.2): FOXCMS <=1.25 - Time-Based Blind SQL Injection via installdb.php POST Parameters
CVE-2025-39595 (CRITICAL, CVSS 9.3): Quentn WP <= 1.2.8 - SQL Injection