CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,636 vulnerabilities with CWE-89
CVE-2025-2351
HIGH
DayCloud StudentManage 1.0 - SQL Injection
CVSS 7.3
CVE-2025-27281
HIGH
cookforweb All In Menu <1.1.5 - SQL Injection
CVSS 8.5
CVE-2025-26978
HIGH
NotFound FS Poster <6.5.8 - SQL Injection
CVSS 8.5
CVE-2025-26976
HIGH
Aldo Latino PrivateContent <8.11.4 - SQL Injection
CVSS 8.5
CVE-2025-26886
HIGH
PublishPress Authors <4.7.3 - SQL Injection
CVSS 7.6
CVE-2025-26875
CRITICAL
silverplugins217 - Multiple Shipping And Billing Address For Woocom...
CVSS 9.3
CVE-2025-1670
MEDIUM
WPSchoolPress <= 2.2.16 - Authenticated SQL Injection via cid Parameter
CVSS 6.5
CVE-2025-1669
MEDIUM
WPSchoolPress <= 2.2.17 - Authenticated SQL Injection via addNotify Action
CVSS 6.5
CVE-2025-2221
HIGH
WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection via user_phone Parameter
CVSS 7.5
CVE-2025-30022
MEDIUM
CM Soluces Informatica Ltda Auto Atendimento <1.x.x - SQL Injection
CVSS 6.8
CVE-2025-26163
CRITICAL
CM Soluces Informatica Ltda Auto Atendimento 1.x.x - SQL Injection via CPF Parameter
CVSS 9.8
CVE-2025-28011
MEDIUM
PHPGurukul User Registration & Login and User Management System v3.3 - SQL Injection via currentpassword Parameter
CVSS 6.1
CVE-2025-27103
MEDIUM
dataease < 2.10.6 - Authenticated Arbitrary File Read and Deserialization via JDBC Connection
CVSS 6.5
CVE-2025-24974
MEDIUM
DataEase < 2.10.6 - Authenticated Arbitrary File Read and Deserialization via JDBC Connection
CVSS 6.5
CVE-2025-2250
MEDIUM
WordPress Report Brute Force Attacks and Login Protection ReportAtt...
CVSS 4.9
CVE-2025-2107
HIGH
ArielBrailovsky-ViralAd <1.0.8 - SQL Injection
CVSS 7.5
CVE-2025-2106
HIGH
ArielBrailovsky-ViralAd <1.0.8 - SQL Injection
CVSS 7.5
CVE-2025-22954
CRITICAL
Koha < 24.11.02 - SQL Injection via lateissues-export.pl supplierid or serialid Parameter
CVSS 10.0
CVE-2025-2217
MEDIUM
zzskzy Warehouse Refinement Management System 1.3 - SQL Injection via showid Parameter in getAdyData.ashx
CVSS 6.3
CVE-2025-27617
HIGH
pimcore < 11.5.4 - Authenticated SQL Injection via Filter String
CVSS 8.8
CVE-2025-22370
MEDIUM
Mennekes Smart/Premium - SQL Injection
CVE-2025-2132
MEDIUM
ftcms 2.1 - SQL Injection via Search Component name Parameter
CVSS 4.7
CVE-2025-2126
MEDIUM
JoomlaUX JUX Real Estate 3.4.0 - SQL Injection
CVSS 6.3
CVE-2025-2118
HIGH
Quantico Tecnologia PRMV 6.48 - SQL Injection
CVSS 7.3
CVE-2025-2117
MEDIUM
Beijing Founder Electronics Founder Enjoys All-Media Acquisition an...
CVSS 6.3