CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,646 vulnerabilities with CWE-89
CVE-2025-1871
CRITICAL
best_online_news_portal 1.0 - SQL Injection via Category and Subcategory Parameters
CVSS 9.8
CVE-2025-1870
CRITICAL
101news 1.0 - SQL Injection via Pagedescription Parameter
CVSS 9.8
CVE-2025-1869
CRITICAL
best_online_news_portal 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2025-1859
HIGH
PHPGurukul News Portal 4.1 - SQL Injection
CVSS 7.3
CVE-2025-1858
HIGH
Codezips Online Shopping Website 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1857
HIGH
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1856
HIGH
Codezips Gym Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1855
MEDIUM
PHPGurukul Online Shopping Portal 2.1 - SQL Injection
CVSS 6.3
CVE-2025-1854
MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-1850
HIGH
Codezips College Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1844
MEDIUM
ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection
CVSS 6.3
CVE-2025-1843
MEDIUM
Mini-Tmall <20250211 - SQL Injection
CVSS 6.3
CVE-2025-1841
HIGH
ESAFENET CDG 5.6.3.154.205 - SQL Injection
CVSS 7.3
CVE-2025-1840
HIGH
ESAFENET CDG 5.6.3.154.205 - SQL Injection
CVSS 7.3
CVE-2025-1832
MEDIUM
zframeworks zz < 2024-8 - SQL Injection via roleid Parameter in getUserList Function
CVSS 6.3
CVE-2025-1831
MEDIUM
zframeworks zz < 2024-8 - SQL Injection via GetDBUser Function
CVSS 6.3
CVE-2025-1821
MEDIUM
zframeworks zz < 2024-8 - SQL Injection via getUserOrgForUserId Function
CVSS 6.3
CVE-2025-1820
MEDIUM
zframeworks zz < 2024-8 - SQL Injection via tableId Argument in getOaWid Function
CVSS 6.3
CVE-2025-1812
MEDIUM
zframeworks zz < 2024-8 - SQL Injection via GetUserOrg Function
CVSS 6.3
CVE-2025-1811
HIGH
AT Software Solutions ATSVD <3.4.1 - SQL Injection
CVSS 7.3
CVE-2025-1809
HIGH
Pixsoft Sol <7.6.6c - SQL Injection
CVSS 7.3
CVE-2025-1808
HIGH
Pixsoft E-Saphira 1.7.24 - SQL Injection
CVSS 7.3
CVE-2025-1797
MEDIUM
Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Managemen...
CVSS 6.3
CVE-2025-26047
MEDIUM
Loggrove v1.0 - SQL Injection in read.py
CVSS 5.1
CVE-2025-1572
MEDIUM
KiviCare - Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated SQL Injection via u_id Parameter
CVSS 6.5
Details
Vulnerabilities: 19,646
Exploit Likelihood: High