CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,634 vulnerabilities with CWE-89
CVE-2025-32120 HIGH
Erick Danzer Easy Query - SQL Injection
CVSS 7.6
CVE-2025-31403 CRITICAL
shiptrack Booking Calendar & Notification <4.0.3 - SQL Injection
CVSS 9.3
CVE-2025-3245 MEDIUM
itsourcecode Library Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3243 MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3242 MEDIUM
PHPGurukul e-Diary Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3240 HIGH
PHPGurukul Online Fire Reporting System 1.2 - SQL Injection
CVSS 7.3
CVE-2025-3239 HIGH
PHPGurukul Online Fire Reporting System 1.2 - SQL Injection
CVSS 7.3
CVE-2025-3238 HIGH
PHPGurukul Online Fire Reporting System 1.2 - SQL Injection
CVSS 7.3
CVE-2025-3235 MEDIUM
PHPGurukul Old Age Home Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3231 HIGH
PHPGurukul Zoo Management System 2.1 - SQL Injection
CVSS 7.3
CVE-2025-3229 MEDIUM
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection
CVSS 4.7
CVE-2025-3220 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Category Parameter
CVSS 7.3
CVE-2025-3217 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Registration Email Parameter
CVSS 7.3
CVE-2025-3216 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Username/Contactno Parameter
CVSS 7.3
CVE-2025-3215 MEDIUM
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection via fullname Parameter
CVSS 6.3
CVE-2025-3213 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Remark Parameter
CVSS 7.3
CVE-2025-3211 MEDIUM
Patient Record Management System 1.0 - SQL Injection via itr_no/birth_id Parameter in birthing_print.php
CVSS 6.3
CVE-2025-2317 HIGH
Product Filter by WBW <2.7.9 - SQL Injection
CVSS 7.5
CVE-2025-3210 MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via birth_id Parameter
CVSS 6.3
CVE-2025-3209 MEDIUM
Patient Record Management System 1.0 - SQL Injection via itr_no Parameter in add_patient.php
CVSS 6.3
CVE-2025-3208 MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via itr_no Parameter in xray_print.php
CVSS 6.3
CVE-2025-3207 MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via birth_id Parameter
CVSS 6.3
CVE-2025-3206 MEDIUM
code-projects Hospital Management System 1.0 - SQL Injection via doctorspecilization Parameter
CVSS 6.3
CVE-2025-3205 MEDIUM
CodeAstro Student Grading System 1.0 - SQL Injection via studentId Parameter
CVSS 6.3
CVE-2025-3204 MEDIUM
CodeAstro Car Rental System 1.0 - SQL Injection via /returncar.php ID Parameter
CVSS 6.3