CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,646 vulnerabilities with CWE-89
CVE-2025-1961 MEDIUM
SourceCodester Best Church Management Software 1.1 - SQL Injection
CVSS 6.3
CVE-2025-1959 HIGH
Codezips Gym Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-25426 HIGH
yshopmall <= 1.9.0 - SQL Injection in Image Listing Interface
CVSS 7.2
CVE-2025-1958 MEDIUM
aaluoxiang oa_system 1.0 - SQL Injection
CVSS 6.3
CVE-2025-1956 HIGH
code-projects Shopping Portal 1.0 - SQL Injection
CVSS 7.3
CVE-2025-26136 CRITICAL
mysiteforme < 2025-01-01 - SQL Injection
CVSS 9.8
CVE-2025-1954 HIGH
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2025-1952 HIGH
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1906 MEDIUM
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection
CVSS 4.7
CVE-2025-1903 HIGH
Codezips Online Shopping Website 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1902 HIGH
PHPGurukul Student Record System 3.2 - SQL Injection
CVSS 7.3
CVE-2025-1901 HIGH
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1900 HIGH
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1321 MEDIUM
teachPress <= 9.0.7 - Authenticated SQL Injection via tpsearch Shortcode Order Parameter
CVSS 6.5
CVE-2025-1894 HIGH
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-27268 CRITICAL
enituretechnology Small Package Quotes - Worldwide Express Edition ...
CVSS 9.3
CVE-2025-27263 HIGH
NotFound Doctor Appointment Booking <1.0.0 - SQL Injection
CVSS 8.5
CVE-2025-26988 CRITICAL
Cozy Vision SMS Alert Order Notifications <= 3.7.8 - SQL Injection
CVSS 9.3
CVE-2025-26535 CRITICAL
NotFound Bitcoin/AltCoin Payment Gateway for WooCommerce <1.7.6 - S...
CVSS 9.3
CVE-2025-25150 CRITICAL
Stylemix uListing <2.1.6 - SQL Injection
CVSS 9.3
CVE-2025-25112 HIGH
NotFound Social Links <1.2 - SQL Injection
CVSS 7.6
CVE-2025-1875 CRITICAL
best_online_news_portal 1.0 - SQL Injection via searchtitle Parameter
CVSS 9.8
CVE-2025-1874 CRITICAL
best_online_news_portal 1.0 - SQL Injection via Admin Add Category Description Parameter
CVSS 9.8
CVE-2025-1873 CRITICAL
best_online_news_portal 1.0 - SQL Injection via pagetitle and pagedescription Parameters
CVSS 9.8
CVE-2025-1872 CRITICAL
101news 1.0 - SQL Injection via sadminusername Parameter
CVSS 9.8