CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,636 vulnerabilities with CWE-89
CVE-2025-31542
HIGH
wphocus My auctions allegro <3.6.20 - SQL Injection
CVSS 8.5
CVE-2025-31526
HIGH
eleopard Behance Portfolio Manager <1.7.4 - SQL Injection
CVSS 8.5
CVE-2025-2985
MEDIUM
code-projects Payroll Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2984
MEDIUM
code-projects Payroll Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3011
CRITICAL
PiExtract SOOP-CLM 5.1.0-5.2.9 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2025-2951
MEDIUM
Bluestar Micro Mall 1.0 - SQL Injection
CVSS 6.3
CVE-2025-28087
CRITICAL
Online Exam System 1.0 - SQL Injection via dash.php
CVSS 9.8
CVE-2025-2927
HIGH
ESAFENET CDG 5.6.3.154.205 - SQL Injection
CVSS 7.3
CVE-2025-22953
CRITICAL
Epicor HCM 2021 1.9 - SQL Injection via JsonFetcher.svc Filter Parameter
CVSS 9.8
CVE-2025-30372
CRITICAL
Emlog Pro 2.5.7-2.5.8 - SQL Injection via URL Double Encoding Bypass in search_controller.php
CVSS 9.8
CVE-2025-22523
CRITICAL
NotFound Schedule <1.0.0 - SQL Injection
CVSS 9.3
CVE-2025-31466
HIGH
Falcon Solutions Duplicate Page and Post <1.0 - SQL Injection
CVSS 8.5
CVE-2025-31099
HIGH
BestWebSoft Slider <1.1.0 - SQL Injection
CVSS 7.6
CVE-2025-2074
MEDIUM
Advanced Google reCAPTCHA <1.29 - SQL Injection
CVSS 5.3
CVE-2025-26898
CRITICAL
Shinetheme Traveler <3.1.8 - SQL Injection
CVSS 9.3
CVE-2025-30367
CRITICAL
WeGIA < 3.2.6 - SQL Injection via nextPage Parameter
CVSS 9.8
CVE-2025-30365
CRITICAL
WeGIA < 3.2.8 - SQL Injection via Query Parameter in /WeGIA/html/socio/sistema/controller/query_geracao_auto.php
CVSS 9.8
CVE-2025-30364
CRITICAL
WeGIA < 3.2.8 - SQL Injection via id_funcionario Parameter
CVSS 9.8
CVE-2025-25686
CRITICAL
semcms <= 5.0 - SQL Injection in SEMCMS_Fuction.php
CVSS 9.8
CVE-2025-22783
HIGH
SEO Plugin by Squirrly SEO <= 12.4.03 - SQL Injection
CVSS 8.5
CVE-2025-2854
MEDIUM
Payroll Management System 1.0 - SQL Injection via emp_type Parameter
CVSS 6.3
CVE-2025-22652
HIGH
kendysond Payment Forms <4.0.1 - SQL Injection
CVSS 7.6
CVE-2025-2852
MEDIUM
Food Ordering Management System <= 1.0 - SQL Injection via /admin/menus/view_menu.php ID Parameter
CVSS 4.7
CVE-2025-2847
MEDIUM
Codezips Gym Management System 1.0 - SQL Injection via mm Parameter in /dashboard/admin/over_month.php
CVSS 6.3
CVE-2025-2846
HIGH
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Registration ID Parameter
CVSS 7.3
Details
Vulnerabilities: 19,636
Exploit Likelihood: High