CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
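
The following is an added example, not code from MITRE or from any product listed on this page. It shows the weakness described above in Python against an in-memory SQLite database: a query that splices a username into the SQL text (the CWE-89 pattern), the same query with a bound parameter, and the ORDER BY case that several entries on this page mention (Order/Orderby and Sort parameters), where bound parameters cannot be used because the attacker controls an identifier, so an allow-list is the only sound fix. The table, its rows and the function names are constructed for the example and are assumptions.

```python
import sqlite3


# Constructed sample data (an assumption for this example; not taken from
# any product listed on this page).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT);
        INSERT INTO users (username, role) VALUES
            ('alice', 'user'), ('bob', 'user'), ('carol', 'admin');
        """
    )
    return conn


def find_user_vulnerable(conn, username):
    """CWE-89 pattern: untrusted text is spliced into the statement, so a quote
    character in the input ends the literal and the rest is parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Bound parameter: the value is handed to the engine separately from the
    statement text, so it can never change the statement's structure."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def list_users_vulnerable(conn, orderby):
    """ORDER BY built from a request parameter. Bind parameters cannot carry
    identifiers, so concatenation is common here; an attacker can still inject
    a conditional sort expression and read the answer from the row order."""
    sql = "SELECT username FROM users ORDER BY " + orderby
    return [row[0] for row in conn.execute(sql).fetchall()]


ALLOWED_ORDER_COLUMNS = {"id", "username", "role"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def list_users_safe(conn, orderby, order="ASC"):
    """Identifiers and keywords are checked against an allow-list of known
    column names and directions; anything else is rejected outright."""
    if orderby not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("orderby column not allowed: %r" % orderby)
    direction = order.upper()
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError("order direction not allowed: %r" % order)
    # Only allow-listed tokens reach the statement, so this formatting is safe.
    sql = "SELECT username FROM users ORDER BY %s %s" % (orderby, direction)
    return [row[0] for row in conn.execute(sql).fetchall()]


def safe_orderby_rejected(conn, orderby):
    """True if list_users_safe refuses the given orderby value."""
    try:
        list_users_safe(conn, orderby)
    except ValueError:
        return True
    return False


# Boolean-conditional ORDER BY payload: the row order leaks whether the
# subquery condition holds, with no error and no extra rows returned.
BLIND_ORDERBY_PAYLOAD = (
    "CASE WHEN (SELECT role FROM users WHERE username = 'carol') = 'admin' "
    "THEN id ELSE -id END"
)

if __name__ == "__main__":
    db = build_db()
    print("vulnerable, tautology:", find_user_vulnerable(db, "x' OR '1'='1"))
    print("safe, same input:     ", find_user_safe(db, "x' OR '1'='1"))
    print("vulnerable orderby:   ", list_users_vulnerable(db, BLIND_ORDERBY_PAYLOAD))
    print("safe orderby rejects: ", safe_orderby_rejected(db, BLIND_ORDERBY_PAYLOAD))
```

The tautology input returns every row from the concatenated query and nothing from the parameterized one. For the ORDER BY case, flipping the subquery condition flips the row order (ascending versus descending id), which is exactly the signal a blind injection through a sort parameter extracts one bit at a time; the allow-list version refuses the payload before any SQL is built.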

19,634 vulnerabilities with CWE-89
CVE-2025-29391 (HIGH, CVSS 7.2): horvey Library-Manager v1.0 - SQL Injection in BookController
CVE-2025-29390 (HIGH, CVSS 8.8): jerryhanjj ERP 1.0 - SQL Injection in set_password Function
CVE-2025-29189 (HIGH, CVSS 7.6): Flowise <= 2.2.3 - SQL Injection via tableName Parameter
CVE-2025-25226 (CRITICAL, CVSS 9.8): Database package <x - SQL Injection
CVE-2025-32020 (CRITICAL): crud-query-parser < 0.1.0 - SQL Injection via TypeORM Order/Sort Parameter
CVE-2025-22461 (HIGH, CVSS 7.2): Ivanti Endpoint Manager < 2024 SU1 and < 2022 SU7 - Authenticated SQL Injection
CVE-2025-3436 (MEDIUM, CVSS 6.5): coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated SQL Injection via Order and Orderby Parameters
CVE-2025-3430 (MEDIUM, CVSS 4.9): 3DPrint Lite <= 2.1.3.6 - Unauthenticated SQL Injection via printer_text Parameter
CVE-2025-3429 (MEDIUM, CVSS 4.9): 3DPrint Lite <= 2.1.3.6 - Unauthenticated SQL Injection via material_text Parameter
CVE-2025-3428 (MEDIUM, CVSS 4.9): 3DPrint Lite <= 2.1.3.6 - Unauthenticated SQL Injection via coating_text Parameter
CVE-2025-3427 (MEDIUM, CVSS 4.9): 3DPrint Lite <= 2.1.3.6 - Unauthenticated SQL Injection via infill_text Parameter
CVE-2025-3402 (MEDIUM, CVSS 6.3): Seeyon Zhiyuan Interconnect FE 5.5.2 - SQL Injection via /sysform/042/check.js%70
CVE-2025-3401 (HIGH, CVSS 7.3): ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection via noticeId Parameter
CVE-2025-3400 (HIGH, CVSS 7.3): ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection via typename Parameter in UnChkMailApplication.jsp
CVE-2025-3399 (HIGH, CVSS 7.3): ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection
CVE-2025-0942 (HIGH, CVSS 8.6): Jalios JPlatform < 10.0.6 - SQL Injection
CVE-2025-3384 (HIGH, CVSS 7.3): 1000 Projects HRMS 1.0 - SQL Injection
CVE-2025-3383 (HIGH, CVSS 7.3): Web-based Pharmacy Product Management System 1.0 - SQL Injection via Name Parameter in search_sales.php
CVE-2025-3382 (MEDIUM, CVSS 6.3): joey-zhou xiaozhi-esp32-server-java <a14fe8115842ee42ab5c7a51706b8a...
CVE-2025-3370 (HIGH, CVSS 7.3): PHPGurukul Men Salon Management System 1.0 - SQL Injection
CVE-2025-3369 (MEDIUM, CVSS 6.3): xxyopen Novel-Plus 5.1.0 - SQL Injection
CVE-2025-3353 (HIGH, CVSS 7.3): PHPGurukul Men Salon Management System 1.0 - SQL Injection
CVE-2025-3352 (HIGH, CVSS 7.3): PHPGurukul Old Age Home Management System 1.0 - SQL Injection
CVE-2025-3351 (HIGH, CVSS 7.3): PHPGurukul Old Age Home Management System 1.0 - SQL Injection
CVE-2025-3350 (HIGH, CVSS 7.3): PHPGurukul Old Age Home Management System 1.0 - SQL Injection