CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,634 vulnerabilities with CWE-89
CVE-2025-3195 HIGH
Online Blood Bank Management System 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2025-3188 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Category Parameter in add-notes.php
CVSS 7.3
CVE-2025-3187 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Login Detail Parameter
CVSS 7.3
CVE-2025-3186 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via appid Parameter in invoice.php
CVSS 7.3
CVE-2025-3185 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via patientFirstName Parameter
CVSS 7.3
CVE-2025-3184 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via patientFirstName Parameter
CVSS 7.3
CVE-2025-3183 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via patientFirstName Parameter
CVSS 7.3
CVE-2025-3182 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via /patient/getschedule.php q Parameter
CVSS 7.3
CVE-2025-3181 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via scheduleDate Parameter
CVSS 7.3
CVE-2025-3180 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via /doctor/deleteschedule.php ID Parameter
CVSS 7.3
CVE-2025-3179 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via /doctor/deletepatient.php ic Parameter
CVSS 7.3
CVE-2025-3178 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via ID Parameter in deleteappointment.php
CVSS 7.3
CVE-2025-3176 HIGH
Online Lawyer Management System 1.0 - SQL Injection via u_id Parameter
CVSS 7.3
CVE-2025-3175 HIGH
Online Lawyer Management System 1.0 - SQL Injection via first_Name Parameter
CVSS 7.3
CVE-2025-3174 HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via searchLawyer.php Experience Parameter
CVSS 7.3
CVE-2025-3173 HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via save_booking.php lawyer_id/description Parameter
CVSS 7.3
CVE-2025-29647 CRITICAL
SeaCMS v13.3 - SQL Injection in admin_tempvideo.php
CVSS 9.8
CVE-2025-3172 HIGH
Online Lawyer Management System 1.0 - SQL Injection via unblock_id Parameter
CVSS 7.3
CVE-2025-3171 HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via unblock_id Parameter
CVSS 7.3
CVE-2025-3170 HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via block_id/unblock_id Parameter
CVSS 7.3
CVE-2025-3168 HIGH
PHPGurukul Time Table Generator System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-31911 CRITICAL
Social Share And Social Locker <1.4.2 - SQL Injection
CVSS 9.3
CVE-2025-29369 CRITICAL
Code-Projects Matrimonial Site V1.0 - SQL Injection via view_profile.php id Parameter
CVSS 9.8
CVE-2025-22930 CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via Group.php groupid Parameter
CVSS 9.8
CVE-2025-22929 CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via StudentFilters.php filter_id Parameter
CVSS 9.8