CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,636 vulnerabilities with CWE-89
CVE-2025-1311 MEDIUM
WooCommerce Multivendor Marketplace - SQL Injection
CVSS 6.5
CVE-2025-0723 MEDIUM
ProfileGrid <= 5.9.4.7 - Authenticated SQL Injection via rid/search Parameters
CVSS 6.5
CVE-2025-2608 MEDIUM
PHPGurukul Banquet Booking System 1.2 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-2604 MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via edit_act.php ID Parameter
CVSS 6.3
CVE-2025-2603 MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate.php ID Parameter
CVSS 6.3
CVE-2025-2602 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate_reg.php ID Parameter
CVSS 6.3
CVE-2025-2601 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via activate_reg.php ID Parameter
CVSS 6.3
CVE-2025-2593 MEDIUM
FastCMS <= 0.1.5 - SQL Injection via /api/client/article/list orderBy Parameter
CVSS 6.3
CVE-2025-29641 HIGH
PHPGurukul Vehicle Record Management System 1.0 - SQL Injection via searchinputdata Parameter
CVSS 7.3
CVE-2025-29640 MEDIUM
Human Metapneumovirus (HMPV) - Testing Management System 1.0 - SQL Injection via Patient Report Search Parameter
CVSS 5.4
CVE-2025-2587 MEDIUM
Jinher OA C6 1.0 - SQL Injection via IncentivePlanFulfillAppprove.aspx httpOID Parameter
CVSS 6.3
CVE-2025-2585 HIGH
EBM Maintenance Center - SQL Injection
CVSS 8.8
CVE-2025-26852 CRITICAL
DESCOR INFOCAD < 3.5.2.0 - SQL Injection
CVSS 10.0
CVE-2025-29980 CRITICAL
eTRAKiT.net <3.2.1.77 - SQL Injection
CVSS 9.8
CVE-2025-2511 MEDIUM
AHAthat Plugin <1.6 - SQL Injection
CVSS 4.9
CVE-2025-27018 MEDIUM
Apache Airflow MySQL Provider <6.2.0 - SQL Injection
CVSS 6.3
CVE-2025-24799 HIGH
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
CVSS 7.5
CVE-2025-21619 CRITICAL
GLPI 0.78-10.0.17 - Authenticated SQL Injection via Rules Configuration Forms
CVSS 9.8
CVE-2025-25582 MEDIUM
yimioa < 2024-07-04 - SQL Injection via OaNoticeMapper.xml selectNoticeList()
CVSS 6.1
CVE-2025-25590 MEDIUM
yimioa < 2024.07.04 - SQL Injection via AddressDao.xml Mapper
CVSS 6.1
CVE-2025-25580 MEDIUM
yimioa < 2024.07.04 - SQL Injection via listNameBySql() Method
CVSS 6.1
CVE-2025-2473 HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection
CVSS 7.3
CVE-2025-2472 HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2471 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2419 MEDIUM
Real Estate Property Management System 1.0 - SQL Injection
CVSS 6.3