CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,636 vulnerabilities with CWE-89
CVE-2025-31552
CRITICAL
davidfcarr RSVPMarker <11.4.8 - SQL Injection
CVSS 9.3
CVE-2025-31551
CRITICAL
Salesmate Add-On for Gravity Forms <2.0.3 - SQL Injection
CVSS 9.3
CVE-2025-31534
CRITICAL
Shopper <= 3.2.5 - SQL Injection
CVSS 9.3
CVE-2025-31531
CRITICAL
click5 History Log <1.0.13 - SQL Injection
CVSS 9.3
CVE-2025-31089
HIGH
Fahad Mahmood Order Splitter for WooCommerce <5.3.0 - SQL Injection
CVSS 8.5
CVE-2025-30807
CRITICAL
Martin Nguyen Next-Cart Store to WooCommerce Migration <3.9.4 - SQL...
CVSS 9.3
CVE-2025-3096
CRITICAL
Clinic's Patient Management System 2.0 - SQL Injection
CVE-2025-29208
MEDIUM
CodeZips Gym Management System 1.0 - SQL Injection via Name Parameter in deleteroutine.php
CVSS 6.5
CVE-2025-31910
HIGH
BookingPress <1.1.28 - SQL Injection
CVSS 7.6
CVE-2025-31024
HIGH
RJ Quickcharts <0.6.1 - SQL Injection
CVSS 8.5
CVE-2025-30971
CRITICAL
Xavi Ivars XV Random Quotes <1.40 - SQL Injection
CVSS 9.3
CVE-2025-30886
CRITICAL
JoomSky JS Help Desk <= 2.9.2 - SQL Injection
CVSS 9.3
CVE-2025-30876
CRITICAL
Ads by WPQuads <= 2.0.87.1 - SQL Injection
CVSS 9.3
CVE-2025-30774
HIGH
Ays Pro Quiz Maker <= 6.6.8.7 - SQL Injection
CVSS 8.2
CVE-2025-30622
CRITICAL
PostMash <= 1.0.3 - SQL Injection
CVSS 9.3
CVE-2025-30589
HIGH
Flickr set slideshows <0.9 - SQL Injection
CVSS 8.5
CVE-2025-1986
MEDIUM
Gutentor < 3.4.7 - Authenticated SQL Injection
CVSS 4.1
CVE-2025-3045
MEDIUM
oretnom23 Apartment Visitor Management System 1.0 - SQL Injection via /remove-apartment.php ID Parameter
CVSS 6.3
CVE-2025-3039
MEDIUM
Payroll Management System 1.0 - SQL Injection via lname/fname Parameter
CVSS 6.3
CVE-2025-3038
MEDIUM
Payroll Management System 1.0 - SQL Injection via salary_rate Parameter in view_account.php
CVSS 6.3
CVE-2025-3018
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Users.php ID Parameter
CVSS 6.3
CVE-2025-3009
MEDIUM
Jinher Network OA C6 - SQL Injection
CVSS 6.3
CVE-2025-3006
HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Category Parameter in edit-category.php
CVSS 7.3
CVE-2025-3003
MEDIUM
ESAFENET CDG 3 - SQL Injection via Username Parameter in UserAjax
CVSS 6.3
CVE-2025-31547
HIGH
Aphotrax Uptime Robot Plugin for WordPress - SQL Injection
CVSS 8.5
Details
Vulnerabilities: 19,636
Exploit Likelihood: High