CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,636 vulnerabilities with CWE-89
CVE-2025-22930
CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via Group.php groupid Parameter
CVSS 9.8
CVE-2025-22929
CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via StudentFilters.php filter_id Parameter
CVSS 9.8
CVE-2025-22928
CRITICAL
OS4ED openSIS 7.0-9.1 - SQL Injection via cp_id Parameter
CVSS 9.8
CVE-2025-3151
HIGH
Gym Management System 1.0 - SQL Injection via user_name Parameter in signup.php
CVSS 7.3
CVE-2025-3147
HIGH
PHPGurukul Boat Booking System 1.0 - SQL Injection via sadminusername Parameter
CVSS 7.3
CVE-2025-3146
HIGH
PHPGurukul Bus Pass Management System 1.0 - SQL Injection via viewid Parameter
CVSS 7.3
CVE-2025-3143
MEDIUM
SourceCodester Apartment Visitor Management System 1.0 - SQL Injection via visname/address Parameters
CVSS 6.3
CVE-2025-3142
MEDIUM
Apartment Visitor Management System 1.0 - SQL Injection via Building Number Parameter
CVSS 6.3
CVE-2025-3141
MEDIUM
SourceCodester Online Medicine Ordering System 1.0 - SQL Injection via manage_category.php ID Parameter
CVSS 6.3
CVE-2025-3140
MEDIUM
SourceCodester Online Medicine Ordering System 1.0 - SQL Injection via /view_category.php ID Parameter
CVSS 6.3
CVE-2025-3138
HIGH
PHPGurukul Online Security Guards Hiring System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-3137
HIGH
PHPGurukul Online Security Guards Hiring System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-3135
MEDIUM
fcba_zzm Smart Park Management System 2.1 - SQL Injection via /api/system/dept/update
CVSS 6.3
CVE-2025-3134
MEDIUM
Payroll Management System 1.0 - SQL Injection via /add_overtime.php Rate Parameter
CVSS 6.3
CVE-2025-3120
MEDIUM
Apartment Visitors Management System 1.0 - SQL Injection via apartmentno Parameter
CVSS 6.3
CVE-2025-3119
MEDIUM
SourceCodester Online Tutor Portal 1.0 - SQL Injection via ID Parameter in manage_course.php
CVSS 6.3
CVE-2025-3118
MEDIUM
SourceCodester Online Tutor Portal 1.0 - SQL Injection via ID Parameter in view_course.php
CVSS 6.3
CVE-2025-29085
CRITICAL
Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component
CVSS 9.8
CVE-2025-22925
HIGH
OS4ED openSIS 7.0-9.1 - Authenticated SQL Injection via Attendance Codes Table Parameter
CVSS 7.5
CVE-2025-22924
HIGH
OS4ED openSIS 7.0-9.1 - SQL Injection via stu_id Parameter
CVSS 8.8
CVE-2025-31619
HIGH
marcoingraiti Actionwear <2.3.3 - SQL Injection
CVSS 8.5
CVE-2025-31579
CRITICAL
EXEIdeas International WP AutoKeyword <1.0 - SQL Injection
CVSS 9.3
CVE-2025-31564
HIGH
Ai Auto Tool Content Writing Assistant <2.1.7 - SQL Injection
CVSS 8.5
CVE-2025-31561
HIGH
M. Tuhin Ultimate Push Notifications <1.1.8 - SQL Injection
CVSS 8.5
CVE-2025-31553
CRITICAL
WPFactory Advanced WooCommerce Product Sales Reporting <3.1 - SQL I...
CVSS 9.3
Details
Vulnerabilities
19,636
Exploit Likelihood
High