CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,634 vulnerabilities with CWE-89
CVE-2025-3312 HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3311 HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3310 HIGH
Blood Bank Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3309 HIGH
Blood Bank Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1264 MEDIUM
Broken Link Checker by AIOSEO < 1.2.3 - Authenticated SQL Injection via orderBy Parameter
CVSS 6.5
CVE-2025-3308 HIGH
Blood Bank Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3307 HIGH
Blood Bank Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3306 HIGH
Blood Bank Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3304 MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3303 MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3299 HIGH
PHPGurukul Men Salon Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3296 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3267 MEDIUM
qinguoyi TinyWebServer <1.0 - SQL Injection
CVSS 6.3
CVE-2025-3265 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-3258 HIGH
PHPGurukul Old Age Home Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-32204 HIGH
rocketelements Split Test For Elementor <1.8.2 - SQL Injection
CVSS 7.6
CVE-2025-32203 HIGH
manu225 Falling things <1.08 - SQL Injection
CVSS 7.6
CVE-2025-32149 HIGH
teachPress <= 9.0.11 - SQL Injection
CVSS 8.5
CVE-2025-32148 HIGH
Daisycon prijsvergelijkers <4.8.4 - SQL Injection
CVSS 8.5
CVE-2025-32127 HIGH
onOffice for WP-Websites - SQL Injection
CVSS 7.6
CVE-2025-32126 HIGH
cmsMinds Pay with Contact Form 7 <1.0.4 - SQL Injection
CVSS 7.6
CVE-2025-32125 HIGH
Silvasoft boekhouden <3.0.1 - SQL Injection
CVSS 7.6
CVE-2025-32124 HIGH
eleopard Behance Portfolio Manager <1.7.4 - SQL Injection
CVSS 7.6
CVE-2025-32122 HIGH
Stylemix uListing <2.1.9 - SQL Injection
CVSS 7.6
CVE-2025-32121 HIGH
SuitePlugins Video & Photo Gallery <1.1.3 - SQL Injection
CVSS 7.6