CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,636 vulnerabilities with CWE-89
CVE-2025-2113
HIGH
AT Software Solutions ATSVD <3.4.1 - SQL Injection
CVSS 7.3
CVE-2025-2112
MEDIUM
user-xiangpeng yaoqishan < 2020-02-29 - SQL Injection via getMediaLisByFilter typeId Parameter
CVSS 6.3
CVE-2025-1323
HIGH
WP-Recall < 16.26.10 - Unauthenticated SQL Injection via Databeat Parameter
CVSS 7.5
CVE-2025-2088
HIGH
PHPGurukul Pre-School Enrollment System <= 1.0 - SQL Injection via Profile Parameter Manipulation
CVSS 7.3
CVE-2025-1768
MEDIUM
SEO Plugin by Squirrly SEO < 12.4.06 - Authenticated Blind SQL Injection via Search Parameter
CVSS 6.5
CVE-2025-0959
HIGH
Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated SQL Injection via reg_id Parameter
CVSS 8.8
CVE-2025-2067
HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via search.php key Parameter
CVSS 7.3
CVE-2025-2066
HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via agent_id Parameter
CVSS 7.3
CVE-2025-2065
HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via /editAgent.php agent_id Parameter
CVSS 7.3
CVE-2025-2064
HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via recipt_no Parameter
CVSS 7.3
CVE-2025-2063
HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via /deleteNominee.php nominee_id Parameter
CVSS 7.3
CVE-2025-2062
HIGH
projectworlds Life Insurance Management System 1.0 - SQL Injection via client_id Parameter in clientStatus.php
CVSS 7.3
CVE-2025-2060
HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Admin Profile Contact Number Parameter
CVSS 7.3
CVE-2025-2059
HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via ambulanceregnum Parameter
CVSS 7.3
CVE-2025-2058
HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-2057
HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via pagedes Parameter
CVSS 7.3
CVE-2025-2054
MEDIUM
code-projects Blood Bank Management System 1.0 - SQL Injection via state_id Parameter in edit_state.php
CVSS 4.7
CVE-2025-2053
MEDIUM
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-2052
MEDIUM
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via Forgot Password Contact Number Parameter
CVSS 6.3
CVE-2025-2051
MEDIUM
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2025-2050
HIGH
PHPGurukul User Registration & Login and User Management System 3.3 - SQL Injection via Email Parameter in Login
CVSS 7.3
CVE-2025-2046
MEDIUM
Best Employee Management System 1.0 - SQL Injection via /admin/print1.php id Parameter
CVSS 6.3
CVE-2025-2044
MEDIUM
Blood Bank Management System 1.0 - SQL Injection via blood_id Parameter
CVSS 4.7
CVE-2025-2041
MEDIUM
s-a-zhd Ecommerce-Website-using-PHP 1.0 - SQL Injection via p_cat Parameter
CVSS 6.3
CVE-2025-25763
CRITICAL
crmeb CRMEB-KY < 5.4.0 - SQL Injection via getRead() in SystemDatabackupServices.php
CVSS 9.8
Details
Vulnerabilities: 19,636
Exploit Likelihood: High