CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,634 vulnerabilities with CWE-89
CVE-2025-29391
HIGH
horvey Library-Manager v1.0 - SQL Injection in BookController
CVSS 7.2
CVE-2025-29390
HIGH
jerryhanjj ERP 1.0 - SQL Injection in set_password Function
CVSS 8.8
CVE-2025-29189
HIGH
Flowise <= 2.2.3 - SQL Injection via tableName Parameter
CVSS 7.6
CVE-2025-25226
CRITICAL
Database package <x - SQL Injection
CVSS 9.8
CVE-2025-32020
CRITICAL
crud-query-parser < 0.1.0 - SQL Injection via TypeORM Order/Sort Parameter
CVE-2025-22461
HIGH
Ivanti Endpoint Manager < 2024 SU1 and < 2022 SU7 - Authenticated SQL Injection
CVSS 7.2
CVE-2025-3436
MEDIUM
coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated SQL Injection via Order and Orderby Parameters
CVSS 6.5
CVE-2025-3430
MEDIUM
3DPrint Lite <= 2.1.3.6 - Unauthenticated SQL Injection via printer_text Parameter
CVSS 4.9
CVE-2025-3429
MEDIUM
3DPrint Lite <= 2.1.3.6 - Unauthenticated SQL Injection via material_text Parameter
CVSS 4.9
CVE-2025-3428
MEDIUM
3DPrint Lite <= 2.1.3.6 - Unauthenticated SQL Injection via coating_text Parameter
CVSS 4.9
CVE-2025-3427
MEDIUM
3DPrint Lite <= 2.1.3.6 - Unauthenticated SQL Injection via infill_text Parameter
CVSS 4.9
CVE-2025-3402
MEDIUM
Seeyon Zhiyuan Interconnect FE 5.5.2 SQL Injection via /sysform/042/check.js%70
CVSS 6.3
CVE-2025-3401
HIGH
ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection via noticeId Parameter
CVSS 7.3
CVE-2025-3400
HIGH
ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection via typename Parameter in UnChkMailApplication.jsp
CVSS 7.3
CVE-2025-3399
HIGH
ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection
CVSS 7.3
CVE-2025-0942
HIGH
Jalios JPlatform <10.0.6 - SQL Injection
CVSS 8.6
CVE-2025-3384
HIGH
1000 Projects HRMS 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3383
HIGH
Web-based Pharmacy Product Management System 1.0 - SQL Injection via Name Parameter in search_sales.php
CVSS 7.3
CVE-2025-3382
MEDIUM
joey-zhou xiaozhi-esp32-server-java <a14fe8115842ee42ab5c7a51706b8a...
CVSS 6.3
CVE-2025-3370
HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3369
MEDIUM
xxyopen Novel-Plus 5.1.0 - SQL Injection
CVSS 6.3
CVE-2025-3353
HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3352
HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3351
HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3350
HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection
CVSS 7.3
Details
Vulnerabilities: 19,634
Exploit Likelihood: High