CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,636 vulnerabilities with CWE-89
CVE-2025-22930 CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via Group.php groupid Parameter
CVSS 9.8
CVE-2025-22929 CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via StudentFilters.php filter_id Parameter
CVSS 9.8
CVE-2025-22928 CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via cp_id Parameter
CVSS 9.8
CVE-2025-3151 HIGH
Gym Management System 1.0 - SQL Injection via user_name Parameter in signup.php
CVSS 7.3
CVE-2025-3147 HIGH
PHPGurukul Boat Booking System 1.0 - SQL Injection via sadminusername Parameter
CVSS 7.3
CVE-2025-3146 HIGH
PHPGurukul Bus Pass Management System 1.0 - SQL Injection via viewid Parameter
CVSS 7.3
CVE-2025-3143 MEDIUM
SourceCodester Apartment Visitor Management System 1.0 - SQL Injection via visname/address Parameters
CVSS 6.3
CVE-2025-3142 MEDIUM
Apartment Visitor Management System 1.0 - SQL Injection via Building Number Parameter
CVSS 6.3
CVE-2025-3141 MEDIUM
SourceCodester Online Medicine Ordering System 1.0 - SQL Injection via manage_category.php ID Parameter
CVSS 6.3
CVE-2025-3140 MEDIUM
SourceCodester Online Medicine Ordering System 1.0 - SQL Injection via /view_category.php ID Parameter
CVSS 6.3
CVE-2025-3138 HIGH
PHPGurukul Online Security Guards Hiring System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-3137 HIGH
PHPGurukul Online Security Guards Hiring System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-3135 MEDIUM
fcba_zzm Smart Park Management System 2.1 - SQL Injection via /api/system/dept/update
CVSS 6.3
CVE-2025-3134 MEDIUM
Payroll Management System 1.0 - SQL Injection via /add_overtime.php Rate Parameter
CVSS 6.3
CVE-2025-3120 MEDIUM
Apartment Visitors Management System 1.0 - SQL Injection via apartmentno Parameter
CVSS 6.3
CVE-2025-3119 MEDIUM
SourceCodester Online Tutor Portal 1.0 - SQL Injection via ID Parameter in manage_course.php
CVSS 6.3
CVE-2025-3118 MEDIUM
SourceCodester Online Tutor Portal 1.0 - SQL Injection via ID Parameter in view_course.php
CVSS 6.3
CVE-2025-29085 CRITICAL
Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component
CVSS 9.8
CVE-2025-22925 HIGH
OS4ED openSIS 7.0-9.1 - Authenticated SQL Injection via Attendance Codes Table Parameter
CVSS 7.5
CVE-2025-22924 HIGH
OS4ED openSIS 7.0-9.1 - SQL Injection via stu_id Parameter
CVSS 8.8
CVE-2025-31619 HIGH
marcoingraiti Actionwear <2.3.3 - SQL Injection
CVSS 8.5
CVE-2025-31579 CRITICAL
EXEIdeas International WP AutoKeyword <1.0 - SQL Injection
CVSS 9.3
CVE-2025-31564 HIGH
Ai Auto Tool Content Writing Assistant <2.1.7 - SQL Injection
CVSS 8.5
CVE-2025-31561 HIGH
M. Tuhin Ultimate Push Notifications <1.1.8 - SQL Injection
CVSS 8.5
CVE-2025-31553 CRITICAL
WPFactory Advanced WooCommerce Product Sales Reporting <3.1 - SQL I...
CVSS 9.3
Details
Vulnerabilities: 19,636
Exploit likelihood: High