CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,636 vulnerabilities with CWE-89
CVE-2025-1311
MEDIUM
WooCommerce Multivendor Marketplace - SQL Injection
CVSS 6.5
CVE-2025-0723
MEDIUM
ProfileGrid <= 5.9.4.7 - Authenticated SQL Injection via rid/search Parameters
CVSS 6.5
CVE-2025-2608
MEDIUM
PHPGurukul Banquet Booking System 1.2 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-2604
MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via edit_act.php ID Parameter
CVSS 6.3
CVE-2025-2603
MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate.php ID Parameter
CVSS 6.3
CVE-2025-2602
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate_reg.php ID Parameter
CVSS 6.3
CVE-2025-2601
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via activate_reg.php ID Parameter
CVSS 6.3
CVE-2025-2593
MEDIUM
FastCMS <= 0.1.5 - SQL Injection via /api/client/article/list orderBy Parameter
CVSS 6.3
CVE-2025-29641
HIGH
Phpgurukul Vehicle Record Management System 1.0 - SQL Injection via searchinputdata Parameter
CVSS 7.3
CVE-2025-29640
MEDIUM
Human Metapneumovirus (HMPV) - Testing Management System 1.0 - SQL Injection via Patient Report Search Parameter
CVSS 5.4
CVE-2025-2587
MEDIUM
Jinher OA C6 1.0 - SQL Injection via IncentivePlanFulfillAppprove.aspx httpOID Parameter
CVSS 6.3
CVE-2025-2585
HIGH
EBM Maintenance Center - SQL Injection
CVSS 8.8
CVE-2025-26852
CRITICAL
DESCOR INFOCAD < 3.5.2.0 - SQL Injection
CVSS 10.0
CVE-2025-29980
CRITICAL
eTRAKiT.net <3.2.1.77 - SQL Injection
CVSS 9.8
CVE-2025-2511
MEDIUM
AHAthat Plugin <1.6 - SQL Injection
CVSS 4.9
CVE-2025-27018
MEDIUM
Apache Airflow MySQL Provider <6.2.0 - SQL Injection
CVSS 6.3
CVE-2025-24799
HIGH
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
CVSS 7.5
CVE-2025-21619
CRITICAL
GLPI 0.78-10.0.17 - Authenticated SQL Injection via Rules Configuration Forms
CVSS 9.8
CVE-2025-25582
MEDIUM
yimioa < 2024-07-04 - SQL Injection via OaNoticeMapper.xml selectNoticeList()
CVSS 6.1
CVE-2025-25590
MEDIUM
yimioa < 2024.07.04 - SQL Injection via AddressDao.xml Mapper
CVSS 6.1
CVE-2025-25580
MEDIUM
yimioa < 2024.07.04 - SQL Injection via listNameBySql() Method
CVSS 6.1
CVE-2025-2473
HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection
CVSS 7.3
CVE-2025-2472
HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2471
MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2419
MEDIUM
Real Estate Property Management System 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities: 19,636
Exploit Likelihood: High