CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,625 vulnerabilities with CWE-89
CVE-2025-46252
HIGH
kofimokome Message Filter <1.6.3.2 - SQL Injection
CVSS 7.6
CVE-2025-46242
HIGH
Watu Quiz <= 3.4.3 - SQL Injection
CVSS 7.6
CVE-2025-3856
MEDIUM
xxyopen Novel-Plus 5.1.0 - SQL Injection via searchByPage Sort Parameter
CVSS 6.3
CVE-2025-3847
HIGH
markparticle WebServer <= 1.0 - SQL Injection via Login Username/Password Parameter
CVSS 7.3
CVE-2025-3846
HIGH
markparticle WebServer <= 1.0 - SQL Injection via Registration Username/Password
CVSS 7.3
CVE-2025-32956
HIGH
ManageWiki < 2025-04-20 - SQL Injection via Namespace Renaming
CVSS 8.0
CVE-2025-25228
LOW
VirtueMart 1.0.0-4.4.7 - SQL Injection
CVSS 3.8
CVE-2025-3829
HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-3828
HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection via Remark Parameter
CVSS 7.3
CVE-2025-3827
HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2025-3819
HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-3818
MEDIUM
web.py 0.70 - SQL Injection via PostgresDB._process_insert_query
CVSS 6.3
CVE-2025-3817
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via ID Parameter in Master.php
CVSS 6.3
CVE-2025-3800
HIGH
WCMS 11 - SQL Injection via AnonymousController.php mobile_phone Parameter
CVSS 7.3
CVE-2025-3799
HIGH
WCMS 11 - SQL Injection via AnonymousController.php Email/Username Parameter
CVSS 7.3
CVE-2025-3797
MEDIUM
SeaCMS < 13.3 - SQL Injection via e_id Parameter in admin_topic.php
CVSS 4.7
CVE-2025-2010
HIGH
JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin ...
CVSS 7.5
CVE-2025-3796
MEDIUM
PHPGurukul Men Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-32389
MEDIUM
NamelessMC < 2.1.4 - SQL Injection via Square Bracket GET Parameter Syntax
CVSS 6.5
CVE-2025-3792
MEDIUM
SeaCMS < 13.3 - SQL Injection via e_id Parameter in admin_link.php
CVSS 4.7
CVE-2025-39471
CRITICAL
Pantherius Modal Survey <2.0.2.0.1 - SQL Injection
CVSS 9.3
CVE-2025-28009
CRITICAL
Dietiqa 1.0.20 - SQL Injection via Progress Body Weight Endpoint u Parameter
CVSS 9.8
CVE-2025-29181
HIGH
foxcms <= 1.25 - SQL Injection via $param['title'] in Field.php
CVSS 7.2
CVE-2025-29180
HIGH
FOXCMS <=1.25 - Time-Based Blind SQL Injection via installdb.php POST Parameters
CVSS 7.2
CVE-2025-39595
CRITICAL
Quentn WP <= 1.2.8 - SQL Injection
CVSS 9.3
Details
Vulnerabilities: 19,625
Exploit Likelihood: High