CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,646 vulnerabilities with CWE-89
CVE-2025-1871 CRITICAL
best_online_news_portal 1.0 - SQL Injection via Category and Subcategory Parameters
CVSS 9.8
CVE-2025-1870 CRITICAL
101news 1.0 - SQL Injection via Pagedescription Parameter
CVSS 9.8
CVE-2025-1869 CRITICAL
best_online_news_portal 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2025-1859 HIGH
PHPGurukul News Portal 4.1 - SQL Injection
CVSS 7.3
CVE-2025-1858 HIGH
Codezips Online Shopping Website 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1857 HIGH
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1856 HIGH
Codezips Gym Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1855 MEDIUM
PHPGurukul Online Shopping Portal 2.1 - SQL Injection
CVSS 6.3
CVE-2025-1854 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-1850 HIGH
Codezips College Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1844 MEDIUM
ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection
CVSS 6.3
CVE-2025-1843 MEDIUM
Mini-Tmall <20250211 - SQL Injection
CVSS 6.3
CVE-2025-1841 HIGH
ESAFENET CDG 5.6.3.154.205 - SQL Injection
CVSS 7.3
CVE-2025-1840 HIGH
ESAFENET CDG 5.6.3.154.205 - SQL Injection
CVSS 7.3
CVE-2025-1832 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via roleid Parameter in getUserList Function
CVSS 6.3
CVE-2025-1831 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via GetDBUser Function
CVSS 6.3
CVE-2025-1821 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via getUserOrgForUserId Function
CVSS 6.3
CVE-2025-1820 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via tableId Argument in getOaWid Function
CVSS 6.3
CVE-2025-1812 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via GetUserOrg Function
CVSS 6.3
CVE-2025-1811 HIGH
AT Software Solutions ATSVD <3.4.1 - SQL Injection
CVSS 7.3
CVE-2025-1809 HIGH
Pixsoft Sol <7.6.6c - SQL Injection
CVSS 7.3
CVE-2025-1808 HIGH
Pixsoft E-Saphira 1.7.24 - SQL Injection
CVSS 7.3
CVE-2025-1797 MEDIUM
Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Managemen...
CVSS 6.3
CVE-2025-26047 MEDIUM
Loggrove v1.0 - SQL Injection in read.py
CVSS 5.1
CVE-2025-1572 MEDIUM
KiviCare - Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated SQL Injection via u_id Parameter
CVSS 6.5
Details
Vulnerabilities: 19,646
Exploit Likelihood: High