CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,636 vulnerabilities with CWE-89
CVE-2025-31542 HIGH
wphocus My auctions allegro <3.6.20 - SQL Injection
CVSS 8.5
CVE-2025-31526 HIGH
eleopard Behance Portfolio Manager <1.7.4 - SQL Injection
CVSS 8.5
CVE-2025-2985 MEDIUM
code-projects Payroll Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2984 MEDIUM
code-projects Payroll Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-3011 CRITICAL
PiExtract SOOP-CLM 5.1.0-5.2.9 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2025-2951 MEDIUM
Bluestar Micro Mall 1.0 - SQL Injection
CVSS 6.3
CVE-2025-28087 CRITICAL
Online Exam System 1.0 - SQL Injection via dash.php
CVSS 9.8
CVE-2025-2927 HIGH
ESAFENET CDG 5.6.3.154.205 - SQL Injection
CVSS 7.3
CVE-2025-22953 CRITICAL
Epicor HCM 2021 1.9 - SQL Injection via JsonFetcher.svc Filter Parameter
CVSS 9.8
CVE-2025-30372 CRITICAL
Emlog Pro 2.5.7-2.5.8 - SQL Injection via URL Double Encoding Bypass in search_controller.php
CVSS 9.8
CVE-2025-22523 CRITICAL
NotFound Schedule <1.0.0 - SQL Injection
CVSS 9.3
CVE-2025-31466 HIGH
Falcon Solutions Duplicate Page and Post <1.0 - SQL Injection
CVSS 8.5
CVE-2025-31099 HIGH
BestWebSoft Slider <1.1.0 - SQL Injection
CVSS 7.6
CVE-2025-2074 MEDIUM
Advanced Google reCAPTCHA <1.29 - SQL Injection
CVSS 5.3
CVE-2025-26898 CRITICAL
Shinetheme Traveler <3.1.8 - SQL Injection
CVSS 9.3
CVE-2025-30367 CRITICAL
WeGIA < 3.2.6 - SQL Injection via nextPage Parameter
CVSS 9.8
CVE-2025-30365 CRITICAL
WeGIA < 3.2.8 - SQL Injection via Query Parameter in /WeGIA/html/socio/sistema/controller/query_geracao_auto.php
CVSS 9.8
CVE-2025-30364 CRITICAL
WeGIA < 3.2.8 - SQL Injection via id_funcionario Parameter
CVSS 9.8
CVE-2025-25686 CRITICAL
semcms <= 5.0 - SQL Injection in SEMCMS_Fuction.php
CVSS 9.8
CVE-2025-22783 HIGH
SEO Plugin by Squirrly SEO <= 12.4.03 - SQL Injection
CVSS 8.5
CVE-2025-2854 MEDIUM
Payroll Management System 1.0 - SQL Injection via emp_type Parameter
CVSS 6.3
CVE-2025-22652 HIGH
kendysond Payment Forms <4.0.1 - SQL Injection
CVSS 7.6
CVE-2025-2852 MEDIUM
Food Ordering Management System <= 1.0 - SQL Injection via /admin/menus/view_menu.php ID Parameter
CVSS 4.7
CVE-2025-2847 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection via mm Parameter in /dashboard/admin/over_month.php
CVSS 6.3
CVE-2025-2846 HIGH
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Registration ID Parameter
CVSS 7.3