CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,625 vulnerabilities with CWE-89
CVE-2025-27495
CRITICAL
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 9.8
CVE-2025-3697
MEDIUM
Web-based Pharmacy Product Management System 1.0 - SQL Injection via /edit-product.php ID Parameter
CVSS 6.3
CVE-2025-3696
MEDIUM
Web-based Pharmacy Product Management System 1.0 - SQL Injection via Name Parameter in search_stock.php
CVSS 6.3
CVE-2025-3694
HIGH
Web-based Pharmacy Product Management System 1.0 - SQL Injection via Login Email Parameter
CVSS 7.3
CVE-2025-3690
HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection via Edit Services Cost Parameter
CVSS 7.3
CVE-2025-3689
HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-39566
HIGH
Bob Hostel <1.1.5.6 - SQL Injection
CVSS 7.6
CVE-2025-39518
HIGH
RedefiningTheWeb BMA Lite <1.4.2 - SQL Injection
CVSS 7.6
CVE-2025-1981
CRITICAL
Symfonia Ready_ 7.0.0.0-7.19.39.23 and 8.0.0.0-8.0.2.2 - Authenticated SQL Injection in Invoices Module File Search
CVE-2025-3685
MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via ID Parameter in edit_fpatient.php
CVSS 6.3
CVE-2025-3684
MEDIUM
Xianqi Kindergarten Management System 2.0 Bulid 20190808 - SQL Injection via stu_list.php Sex Parameter
CVSS 6.3
CVE-2025-3676
MEDIUM
xxyopen Novel-Plus 3.5.0 - SQL Injection via /api/front/search/books Sort Parameter
CVSS 6.3
CVE-2025-27892
MEDIUM
Shopware < 6.5.8.13 - SQL Injection
CVSS 6.8
CVE-2025-26908
HIGH
Gurmehub Kargo Entegratör <1.1.14 - SQL Injection
CVSS 7.6
CVE-2025-28100
CRITICAL
dingfanzuCMS 1.0 - SQL Injection via operateOrder.php id Parameter
CVSS 9.8
CVE-2025-28198
MEDIUM
hitout_car_sale 1.0 - SQL Injection via StoreController.java orderBy Parameter
CVSS 5.9
CVE-2025-32993
MEDIUM
Vision Helpdesk <5.7.0 - SQL Injection
CVSS 6.5
CVE-2025-3470
MEDIUM
TS Poll - Survey, Versus Poll, Image Poll, Video Poll <2.4.6 - SQL ...
CVSS 4.9
CVE-2025-3589
MEDIUM
SourceCodester Music Class Enrollment System 1.0 - SQL Injection via manage_class.php ID Parameter
CVSS 6.3
CVE-2025-22371
CRITICAL
SicommNet BASEC - Unauthenticated SQL Injection via Login Page
CVE-2025-3571
MEDIUM
Fannuo Enterprise Content Management System 1.1/4.0 - SQL Injection
CVSS 6.3
CVE-2025-3559
MEDIUM
ghostxbh uzy-ssm-mall 1.0.0 - SQL Injection via ForeProductListController orderBy Parameter
CVSS 6.3
CVE-2025-3553
MEDIUM
phpshe 1.8 - SQL Injection via brand_id[] Parameter in admin.php
CVSS 6.3
CVE-2025-3534
MEDIUM
PowerCreator CMS 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2128
MEDIUM
WordPress Cost Calculator Builder <3.2.67 - SQL Injection
CVSS 6.5
Details
Vulnerabilities: 19,625
Exploit Likelihood: High