CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,636 vulnerabilities with CWE-89
CVE-2025-2393
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 4.7
CVE-2025-2392
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via Activate Page ID Parameter
CVSS 4.7
CVE-2025-2391
HIGH
Blood Bank Management System 1.0 - SQL Injection in Admin Login Page
CVSS 7.3
CVE-2025-25914
CRITICAL
Online Exam Mastering System 1.0 - SQL Injection via fid Parameter
CVSS 9.8
CVE-2025-2390
MEDIUM
code-projects Blood Bank Management System 1.0 - SQL Injection in /user_dashboard/add_donor.php
CVSS 6.3
CVE-2025-2389
MEDIUM
Blood Bank Management System 1.0 - SQL Injection in /admin/add_city.php
CVSS 4.7
CVE-2025-29425
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via exam_save.php Parameters
CVSS 5.5
CVE-2025-2387
HIGH
SourceCodester Online Food Ordering System 2.0 - SQL Injection via pid Parameter in /admin/ajax.php
CVSS 7.3
CVE-2025-2386
HIGH
PHPGurukul Local Services Search Engine 1.0 - SQLi via serviceman-search.php Location
CVSS 7.3
CVE-2025-2385
HIGH
code-projects Modern Bag 1.0 - SQL Injection via User Email/Password Parameters
CVSS 7.3
CVE-2025-2384
MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via InsertCustomer.php Parameter Handler
CVSS 6.3
CVE-2025-2383
HIGH
PHPGurukul Doctor Appointment Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-2382
HIGH
PHPGurukul Online Banquet Booking System 1.0 - SQL Injection via Booking Search Parameter
CVSS 7.3
CVE-2025-2381
HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-2380
HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via Mobile Number Parameter
CVSS 7.3
CVE-2025-2379
HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via visname Parameter
CVSS 7.3
CVE-2025-2378
HIGH
PHPGurukul Medical Card Generation System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-2374
MEDIUM
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQL Injection via Profile Parameter
CVSS 6.3
CVE-2025-2373
MEDIUM
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via mobnumber/employeeid Parameter
CVSS 6.3
CVE-2025-2372
HIGH
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQL Injection via Password Recovery Username Parameter
CVSS 7.3
CVE-2025-2200
CRITICAL
IcProgreso plugin - SQL Injection via user id idGroup start_date end_date Parameters
CVE-2025-2199
CRITICAL
Innovación y Cualificación - SQL Injection
CVE-2025-2362
HIGH
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobnum Parameter
CVSS 7.3
CVE-2025-2358
MEDIUM
Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System ...
CVSS 6.3
CVE-2025-2353
HIGH
VAM Virtual Airlines Manager <2.6.2 - SQL Injection
CVSS 7.3