CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,634 vulnerabilities with CWE-89
CVE-2025-3195
HIGH
Online Blood Bank Management System 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2025-3188
HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Category Parameter in add-notes.php
CVSS 7.3
CVE-2025-3187
HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Login Detail Parameter
CVSS 7.3
CVE-2025-3186
HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via appid Parameter in invoice.php
CVSS 7.3
CVE-2025-3185
HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via patientFirstName Parameter
CVSS 7.3
CVE-2025-3184
HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via patientFirstName Parameter
CVSS 7.3
CVE-2025-3183
HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via patientFirstName Parameter
CVSS 7.3
CVE-2025-3182
HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via /patient/getschedule.php q Parameter
CVSS 7.3
CVE-2025-3181
HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via scheduleDate Parameter
CVSS 7.3
CVE-2025-3180
HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via /doctor/deleteschedule.php ID Parameter
CVSS 7.3
CVE-2025-3179
HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via /doctor/deletepatient.php ic Parameter
CVSS 7.3
CVE-2025-3178
HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via ID Parameter in deleteappointment.php
CVSS 7.3
CVE-2025-3176
HIGH
Online Lawyer Management System 1.0 - SQL Injection via u_id Parameter
CVSS 7.3
CVE-2025-3175
HIGH
Online Lawyer Management System 1.0 - SQL Injection via first_Name Parameter
CVSS 7.3
CVE-2025-3174
HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via searchLawyer.php Experience Parameter
CVSS 7.3
CVE-2025-3173
HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via save_booking.php lawyer_id/description Parameter
CVSS 7.3
CVE-2025-29647
CRITICAL
SeaCMS v13.3 - SQL Injection in admin_tempvideo.php
CVSS 9.8
CVE-2025-3172
HIGH
Online Lawyer Management System 1.0 - SQL Injection via unblock_id Parameter
CVSS 7.3
CVE-2025-3171
HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via unblock_id Parameter
CVSS 7.3
CVE-2025-3170
HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via block_id/unblock_id Parameter
CVSS 7.3
CVE-2025-3168
HIGH
PHPGurukul Time Table Generator System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-31911
CRITICAL
Social Share And Social Locker <1.4.2 - SQL Injection
CVSS 9.3
CVE-2025-29369
CRITICAL
Code-Projects Matrimonial Site V1.0 - SQL Injection via view_profile.php id Parameter
CVSS 9.8
CVE-2025-22930
CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via Group.php groupid Parameter
CVSS 9.8
CVE-2025-22929
CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via StudentFilters.php filter_id Parameter
CVSS 9.8
Details
Vulnerabilities: 19,634
Exploit Likelihood: High