CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,636 vulnerabilities with CWE-89
CVE-2025-31552 CRITICAL
davidfcarr RSVPMarker <11.4.8 - SQL Injection
CVSS 9.3
CVE-2025-31551 CRITICAL
Salesmate Add-On for Gravity Forms <2.0.3 - SQL Injection
CVSS 9.3
CVE-2025-31534 CRITICAL
Shopper <= 3.2.5 - SQL Injection
CVSS 9.3
CVE-2025-31531 CRITICAL
click5 History Log <1.0.13 - SQL Injection
CVSS 9.3
CVE-2025-31089 HIGH
Fahad Mahmood Order Splitter for WooCommerce <5.3.0 - SQL Injection
CVSS 8.5
CVE-2025-30807 CRITICAL
Martin Nguyen Next-Cart Store to WooCommerce Migration <3.9.4 - SQL...
CVSS 9.3
CVE-2025-3096 CRITICAL
Clinic's Patient Management System 2.0 - SQL Injection
CVE-2025-29208 MEDIUM
CodeZips Gym Management System 1.0 - SQL Injection via Name Parameter in deleteroutine.php
CVSS 6.5
CVE-2025-31910 HIGH
BookingPress <1.1.28 - SQL Injection
CVSS 7.6
CVE-2025-31024 HIGH
RJ Quickcharts <0.6.1 - SQL Injection
CVSS 8.5
CVE-2025-30971 CRITICAL
Xavi Ivars XV Random Quotes <1.40 - SQL Injection
CVSS 9.3
CVE-2025-30886 CRITICAL
JoomSky JS Help Desk <= 2.9.2 - SQL Injection
CVSS 9.3
CVE-2025-30876 CRITICAL
Ads by WPQuads <= 2.0.87.1 - SQL Injection
CVSS 9.3
CVE-2025-30774 HIGH
Ays Pro Quiz Maker <= 6.6.8.7 - SQL Injection
CVSS 8.2
CVE-2025-30622 CRITICAL
PostMash <= 1.0.3 - SQL Injection
CVSS 9.3
CVE-2025-30589 HIGH
Flickr set slideshows <0.9 - SQL Injection
CVSS 8.5
CVE-2025-1986 MEDIUM
Gutentor < 3.4.7 - Authenticated SQL Injection
CVSS 4.1
CVE-2025-3045 MEDIUM
oretnom23 Apartment Visitor Management System 1.0 - SQL Injection via /remove-apartment.php ID Parameter
CVSS 6.3
CVE-2025-3039 MEDIUM
Payroll Management System 1.0 - SQL Injection via lname/fname Parameter
CVSS 6.3
CVE-2025-3038 MEDIUM
Payroll Management System 1.0 - SQL Injection via salary_rate Parameter in view_account.php
CVSS 6.3
CVE-2025-3018 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Users.php ID Parameter
CVSS 6.3
CVE-2025-3009 MEDIUM
Jinher Network OA C6 - SQL Injection
CVSS 6.3
CVE-2025-3006 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Category Parameter in edit-category.php
CVSS 7.3
CVE-2025-3003 MEDIUM
ESAFENET CDG 3 - SQL Injection via Username Parameter in UserAjax
CVSS 6.3
CVE-2025-31547 HIGH
Aphotrax Uptime Robot Plugin for WordPress - SQL Injection
CVSS 8.5