CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,625 vulnerabilities with CWE-89
CVE-2025-27495 CRITICAL
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 9.8
CVE-2025-3697 MEDIUM
Web-based Pharmacy Product Management System 1.0 - SQL Injection via /edit-product.php ID Parameter
CVSS 6.3
CVE-2025-3696 MEDIUM
Web-based Pharmacy Product Management System 1.0 - SQL Injection via Name Parameter in search_stock.php
CVSS 6.3
CVE-2025-3694 HIGH
Web-based Pharmacy Product Management System 1.0 - SQL Injection via Login Email Parameter
CVSS 7.3
CVE-2025-3690 HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection via Edit Services Cost Parameter
CVSS 7.3
CVE-2025-3689 HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-39566 HIGH
Bob Hostel <1.1.5.6 - SQL Injection
CVSS 7.6
CVE-2025-39518 HIGH
RedefiningTheWeb BMA Lite <1.4.2 - SQL Injection
CVSS 7.6
CVE-2025-1981 CRITICAL
Symfonia Ready_ 7.0.0.0-7.19.39.23 and 8.0.0.0-8.0.2.2 - Authenticated SQL Injection in Invoices Module File Search
CVE-2025-3685 MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via ID Parameter in edit_fpatient.php
CVSS 6.3
CVE-2025-3684 MEDIUM
Xianqi Kindergarten Management System 2.0 Bulid 20190808 - SQL Injection via stu_list.php Sex Parameter
CVSS 6.3
CVE-2025-3676 MEDIUM
xxyopen Novel-Plus 3.5.0 - SQL Injection via /api/front/search/books Sort Parameter
CVSS 6.3
CVE-2025-27892 MEDIUM
Shopware < 6.5.8.13 - SQL Injection
CVSS 6.8
CVE-2025-26908 HIGH
Gurmehub Kargo Entegratör <1.1.14 - SQL Injection
CVSS 7.6
CVE-2025-28100 CRITICAL
dingfanzuCMS 1.0 - SQL Injection via operateOrder.php id Parameter
CVSS 9.8
CVE-2025-28198 MEDIUM
hitout_car_sale 1.0 - SQL Injection via StoreController.java orderBy Parameter
CVSS 5.9
CVE-2025-32993 MEDIUM
Vision Helpdesk <5.7.0 - SQL Injection
CVSS 6.5
CVE-2025-3470 MEDIUM
TS Poll - Survey, Versus Poll, Image Poll, Video Poll <2.4.6 - SQL ...
CVSS 4.9
CVE-2025-3589 MEDIUM
SourceCodester Music Class Enrollment System 1.0 - SQL Injection via manage_class.php ID Parameter
CVSS 6.3
CVE-2025-22371 CRITICAL
SicommNet BASEC - Unauthenticated SQL Injection via Login Page
CVE-2025-3571 MEDIUM
Fannuo Enterprise Content Management System 1.1/4.0 - SQL Injection
CVSS 6.3
CVE-2025-3559 MEDIUM
ghostxbh uzy-ssm-mall 1.0.0 - SQL Injection via ForeProductListController orderBy Parameter
CVSS 6.3
CVE-2025-3553 MEDIUM
phpshe 1.8 - SQL Injection via brand_id[] Parameter in admin.php
CVSS 6.3
CVE-2025-3534 MEDIUM
PowerCreator CMS 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2128 MEDIUM
WordPress Cost Calculator Builder <3.2.67 - SQL Injection
CVSS 6.5