CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
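As an added illustration of the description above (example code, not part of this CWE entry or of any product listed below), the following Python uses the standard-library sqlite3 module and a constructed in-memory users table to show the same input being parsed as SQL when concatenated into the query text, and treated as ordinary data when bound as a parameter.

```python
import sqlite3

# Constructed sample data, not from any product on this page: a tiny in-memory
# users table with one legitimate username that contains an apostrophe.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",), ("o'brien",)])
    return conn

def lookup_vulnerable(conn, username):
    # CWE-89 pattern: externally influenced input is spliced into the SQL
    # text, so a quote or operator in it changes the statement the engine parses.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, username):
    # Hardened form: the statement text is fixed and the value is bound as a
    # parameter, so the engine can only ever treat it as data.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

def run_lookup(lookup, conn, username):
    # Report a syntax failure as a marker instead of raising, so both variants
    # can be compared side by side on inputs that break the concatenated query.
    try:
        return sorted(lookup(conn, username))
    except sqlite3.OperationalError:
        return "SQL syntax error"

def compare(username):
    # Same input through both code paths; the reviewer's question is whether
    # the input changed the query or only the value it is compared against.
    conn = make_db()
    return {
        "concatenated": run_lookup(lookup_vulnerable, conn, username),
        "parameterized": run_lookup(lookup_parameterized, conn, username),
    }

if __name__ == "__main__":
    # A code reviewer's test input: a closing quote plus an always-true comparison.
    # Concatenated, it matches every row; parameterized, it matches nothing.
    print(compare("x' OR 'a'='a"))
    # Legitimate data containing an apostrophe breaks the concatenated query
    # and works unchanged with parameters.
    print(compare("o'brien"))
```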

19,636 vulnerabilities with CWE-89
CVE-2025-2351 HIGH
DayCloud StudentManage 1.0 - SQL Injection
CVSS 7.3
CVE-2025-27281 HIGH
cookforweb All In Menu <1.1.5 - SQL Injection
CVSS 8.5
CVE-2025-26978 HIGH
NotFound FS Poster <6.5.8 - SQL Injection
CVSS 8.5
CVE-2025-26976 HIGH
Aldo Latino PrivateContent <8.11.4 - SQL Injection
CVSS 8.5
CVE-2025-26886 HIGH
PublishPress Authors <4.7.3 - SQL Injection
CVSS 7.6
CVE-2025-26875 CRITICAL
silverplugins217 - Multiple Shipping And Billing Address For Woocom...
CVSS 9.3
CVE-2025-1670 MEDIUM
WPSchoolPress <= 2.2.16 - Authenticated SQL Injection via cid Parameter
CVSS 6.5
CVE-2025-1669 MEDIUM
WPSchoolPress <= 2.2.17 - Authenticated SQL Injection via addNotify Action
CVSS 6.5
CVE-2025-2221 HIGH
WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection via user_phone Parameter
CVSS 7.5
CVE-2025-30022 MEDIUM
CM Soluces Informatica Ltda Auto Atendimento <1.x.x - SQL Injection
CVSS 6.8
CVE-2025-26163 CRITICAL
CM Soluces Informatica Ltda Auto Atendimento 1.x.x - SQL Injection via CPF Parameter
CVSS 9.8
CVE-2025-28011 MEDIUM
PHPGurukul User Registration & Login and User Management System v3.3 - SQL Injection via currentpassword Parameter
CVSS 6.1
CVE-2025-27103 MEDIUM
dataease < 2.10.6 - Authenticated Arbitrary File Read and Deserialization via JDBC Connection
CVSS 6.5
CVE-2025-24974 MEDIUM
DataEase < 2.10.6 - Authenticated Arbitrary File Read and Deserialization via JDBC Connection
CVSS 6.5
CVE-2025-2250 MEDIUM
WordPress Report Brute Force Attacks and Login Protection ReportAtt...
CVSS 4.9
CVE-2025-2107 HIGH
ArielBrailovsky-ViralAd <1.0.8 - SQL Injection
CVSS 7.5
CVE-2025-2106 HIGH
ArielBrailovsky-ViralAd <1.0.8 - SQL Injection
CVSS 7.5
CVE-2025-22954 CRITICAL
Koha < 24.11.02 - SQL Injection via lateissues-export.pl supplierid or serialid Parameter
CVSS 10.0
CVE-2025-2217 MEDIUM
zzskzy Warehouse Refinement Management System 1.3 - SQL Injection via showid Parameter in getAdyData.ashx
CVSS 6.3
CVE-2025-27617 HIGH
pimcore < 11.5.4 - Authenticated SQL Injection via Filter String
CVSS 8.8
CVE-2025-22370 MEDIUM
Mennekes Smart/Premium - SQL Injection
CVE-2025-2132 MEDIUM
ftcms 2.1 - SQL Injection via Search Component name Parameter
CVSS 4.7
CVE-2025-2126 MEDIUM
JoomlaUX JUX Real Estate 3.4.0 - SQL Injection
CVSS 6.3
CVE-2025-2118 HIGH
Quantico Tecnologia PRMV 6.48 - SQL Injection
CVSS 7.3
CVE-2025-2117 MEDIUM
Beijing Founder Electronics Founder Enjoys All-Media Acquisition an...
CVSS 6.3
Details
Vulnerabilities 19,636
Exploit Likelihood High