CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,636 vulnerabilities with CWE-89
CVE-2025-2039 MEDIUM
code-projects Blood Bank Management System 1.0 - SQL Injection via member_id Parameter
CVSS 4.7
CVE-2025-2037 MEDIUM
code-projects Blood Bank Management System 1.0 - SQL Injection via requester_id Parameter
CVSS 6.3
CVE-2025-2036 MEDIUM
s-a-zhd Ecommerce-Website-using-PHP 1.0 - SQL Injection via details.php pro_id Parameter
CVSS 6.3
CVE-2025-2034 HIGH
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via classname/capacity/classtiming Parameters
CVSS 7.3
CVE-2025-2033 MEDIUM
code-projects Blood Bank Management System 1.0 - SQL Injection via donor_id Parameter
CVSS 6.3
CVE-2025-2030 HIGH
Seeyon Zhiyuan Interconnect FE Collaborative Office Platform <20250...
CVSS 7.3
CVE-2025-22212 LOW
Convert Forms <4.4.9 - SQL Injection
CVSS 2.7
CVE-2025-1702 HIGH
Ultimate Member <2.10.0 - SQL Injection
CVSS 7.5
CVE-2025-27659 CRITICAL
Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - SQL Injection
CVSS 9.8
CVE-2025-27640 CRITICAL
Vasion Print < 20.0.2614 and Virtual Appliance < 22.0.1002 - SQL Injection
CVSS 9.8
CVE-2025-1966 HIGH
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1965 HIGH
projectworlds Online Hotel Booking 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1964 HIGH
projectworlds Online Hotel Booking 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1963 HIGH
projectworlds Online Hotel Booking 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1962 HIGH
projectworlds Online Hotel Booking 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1961 MEDIUM
SourceCodester Best Church Management Software 1.1 - SQL Injection
CVSS 6.3
CVE-2025-1959 HIGH
Codezips Gym Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-25426 HIGH
yshopmall <= 1.9.0 - SQL Injection in Image Listing Interface
CVSS 7.2
CVE-2025-1958 MEDIUM
aaluoxiang oa_system 1.0 - SQL Injection
CVSS 6.3
CVE-2025-1956 HIGH
code-projects Shopping Portal 1.0 - SQL Injection
CVSS 7.3
CVE-2025-26136 CRITICAL
mysiteforme < 2025-01-01 - SQL Injection
CVSS 9.8
CVE-2025-1954 HIGH
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2025-1952 HIGH
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1906 MEDIUM
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection
CVSS 4.7
CVE-2025-1903 HIGH
Codezips Online Shopping Website 1.0 - SQL Injection
CVSS 7.3