CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,636 vulnerabilities with CWE-89
CVE-2025-2393 MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 4.7
CVE-2025-2392 MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via Activate Page ID Parameter
CVSS 4.7
CVE-2025-2391 HIGH
Blood Bank Management System 1.0 - SQL Injection in Admin Login Page
CVSS 7.3
CVE-2025-25914 CRITICAL
Online Exam Mastering System 1.0 - SQL Injection via fid Parameter
CVSS 9.8
CVE-2025-2390 MEDIUM
code-projects Blood Bank Management System 1.0 - SQL Injection in /user_dashboard/add_donor.php
CVSS 6.3
CVE-2025-2389 MEDIUM
Blood Bank Management System 1.0 - SQL Injection in /admin/add_city.php
CVSS 4.7
CVE-2025-29425 MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via exam_save.php Parameters
CVSS 5.5
CVE-2025-2387 HIGH
SourceCodester Online Food Ordering System 2.0 - SQL Injection via pid Parameter in /admin/ajax.php
CVSS 7.3
CVE-2025-2386 HIGH
PHPGurukul Local Services Search Engine 1.0 - SQLi via serviceman-search.php Location
CVSS 7.3
CVE-2025-2385 HIGH
code-projects Modern Bag 1.0 - SQL Injection via User Email/Password Parameters
CVSS 7.3
CVE-2025-2384 MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via InsertCustomer.php Parameter Handler
CVSS 6.3
CVE-2025-2383 HIGH
PHPGurukul Doctor Appointment Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-2382 HIGH
PHPGurukul Online Banquet Booking System 1.0 - SQL Injection via Booking Search Parameter
CVSS 7.3
CVE-2025-2381 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-2380 HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via Mobile Number Parameter
CVSS 7.3
CVE-2025-2379 HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via visname Parameter
CVSS 7.3
CVE-2025-2378 HIGH
PHPGurukul Medical Card Generation System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-2374 MEDIUM
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQL Injection via Profile Parameter
CVSS 6.3
CVE-2025-2373 MEDIUM
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via mobnumber/employeeid Parameter
CVSS 6.3
CVE-2025-2372 HIGH
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQL Injection via Password Recovery Username Parameter
CVSS 7.3
CVE-2025-2200 CRITICAL
IcProgreso plugin - SQL Injection via user id idGroup start_date end_date Parameters
CVE-2025-2199 CRITICAL
Innovación y Cualificación - SQL Injection
CVE-2025-2362 HIGH
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobnum Parameter
CVSS 7.3
CVE-2025-2358 MEDIUM
Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System ...
CVSS 6.3
CVE-2025-2353 HIGH
VAM Virtual Airlines Manager <2.6.2 - SQL Injection
CVSS 7.3