CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,636 vulnerabilities with CWE-89
CVE-2025-2113 HIGH
AT Software Solutions ATSVD <3.4.1 - SQL Injection
CVSS 7.3
CVE-2025-2112 MEDIUM
user-xiangpeng yaoqishan < 2020-02-29 - SQL Injection via getMediaLisByFilter typeId Parameter
CVSS 6.3
CVE-2025-1323 HIGH
WP-Recall < 16.26.10 - Unauthenticated SQL Injection via Databeat Parameter
CVSS 7.5
CVE-2025-2088 HIGH
PHPGurukul Pre-School Enrollment System <= 1.0 - SQL Injection via Profile Parameter Manipulation
CVSS 7.3
CVE-2025-1768 MEDIUM
SEO Plugin by Squirrly SEO < 12.4.06 - Authenticated Blind SQL Injection via Search Parameter
CVSS 6.5
CVE-2025-0959 HIGH
Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated SQL Injection via reg_id Parameter
CVSS 8.8
CVE-2025-2067 HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via search.php key Parameter
CVSS 7.3
CVE-2025-2066 HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via agent_id Parameter
CVSS 7.3
CVE-2025-2065 HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via /editAgent.php agent_id Parameter
CVSS 7.3
CVE-2025-2064 HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via recipt_no Parameter
CVSS 7.3
CVE-2025-2063 HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via /deleteNominee.php nominee_id Parameter
CVSS 7.3
CVE-2025-2062 HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via client_id Parameter in clientStatus.php
CVSS 7.3
CVE-2025-2060 HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Admin Profile Contact Number Parameter
CVSS 7.3
CVE-2025-2059 HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via ambulanceregnum Parameter
CVSS 7.3
CVE-2025-2058 HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-2057 HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via pagedes Parameter
CVSS 7.3
CVE-2025-2054 MEDIUM
code-projects Blood Bank Management System 1.0 - SQL Injection via state_id Parameter in edit_state.php
CVSS 4.7
CVE-2025-2053 MEDIUM
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-2052 MEDIUM
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via Forgot Password Contact Number Parameter
CVSS 6.3
CVE-2025-2051 MEDIUM
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2025-2050 HIGH
PHPGurukul User Registration & Login and User Management System 3.3 - SQL Injection via Email Parameter in Login
CVSS 7.3
CVE-2025-2046 MEDIUM
Best Employee Management System 1.0 - SQL Injection via /admin/print1.php id Parameter
CVSS 6.3
CVE-2025-2044 MEDIUM
Blood Bank Management System 1.0 - SQL Injection via blood_id Parameter
CVSS 4.7
CVE-2025-2041 MEDIUM
s-a-zhd Ecommerce-Website-using-PHP 1.0 - SQL Injection via p_cat Parameter
CVSS 6.3
CVE-2025-25763 CRITICAL
crmeb CRMEB-KY < 5.4.0 - SQL Injection via getRead() in SystemDatabackupServices.php
CVSS 9.8