CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,646 vulnerabilities with CWE-89
CVE-2025-1751
CRITICAL
CIGES 2.15.5 - SQL Injection via $idServicio Parameter
CVSS 9.8
CVE-2025-1726
MEDIUM
Esri ArcGIS Monitor <2024.x - SQL Injection
CVSS 4.3
CVE-2025-25462
MEDIUM
PHPGurukul Land Record System Project 1.0 - SQL Injection via propertytype Parameter
CVSS 5.5
CVE-2025-25521
CRITICAL
Seacms <= 13.3 - SQL Injection in admin_type_news.php
CVSS 9.8
CVE-2025-25520
CRITICAL
Seacms < 13.3 - SQL Injection in admin_pay.php
CVSS 9.8
CVE-2025-25519
CRITICAL
Seacms <= 13.3 - SQL Injection in admin_zyk.php
CVSS 9.8
CVE-2025-25517
CRITICAL
Seacms <= 13.3 - SQL Injection in admin_reslib.php
CVSS 9.8
CVE-2025-25516
CRITICAL
Seacms <= 13.3 - SQL Injection in admin_paylog.php
CVSS 9.8
CVE-2025-25515
HIGH
Seacms <= 13.3 - Authenticated SQL Injection in admin_collect.php
CVSS 8.8
CVE-2025-25514
MEDIUM
Seacms <= 13.3 - SQL Injection in admin_collect_news.php
CVSS 6.5
CVE-2025-22211
LOW
JoomShopping <1.4.3 - SQL Injection
CVSS 3.4
CVE-2025-27135
CRITICAL
RAGFlow < 0.15.1 - SQL Injection via ExeSQL Component
CVSS 9.8
CVE-2025-26974
CRITICAL
WPExperts.io WP Multi Store Locator <2.5.1 - SQL Injection
CVSS 9.3
CVE-2025-26971
HIGH
Poll Maker <= 5.6.5 - Blind SQL Injection
CVSS 7.6
CVE-2025-26946
HIGH
jgwhite33 WP Yelp Review Slider <8.1 - SQL Injection
CVSS 7.6
CVE-2025-26943
CRITICAL
Jürgen Müller Easy Quotes <1.2.2 - SQL Injection
CVSS 9.3
CVE-2025-26915
HIGH
PickPlugins Wishlist <1.0.41 - SQL Injection
CVSS 8.5
CVE-2025-1648
HIGH
Yawave < 2.9.1 - Unauthenticated SQL Injection via lbid Parameter
CVSS 7.5
CVE-2025-22210
HIGH
Hikashop 3.3.0-5.1.4 - Authenticated SQL Injection in Category Management
CVSS 7.2
CVE-2025-1641
HIGH
Benner ModernaNet < 1.1.1 - SQL Injection via /AGE0000700/GetHorariosDoDia Endpoint
CVSS 7.3
CVE-2025-1640
HIGH
Benner ModernaNet < 1.1.1 - SQL Injection via JS_CarregaCombo Endpoint
CVSS 7.3
CVE-2025-22974
CRITICAL
SeaCMS < 13.2 - SQL Injection via DoTranExecSql Parameter
CVSS 9.8
CVE-2025-25513
CRITICAL
Seacms <= 13.3 - SQL Injection in admin_members.php
CVSS 9.8
CVE-2025-26533
HIGH
Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - SQL Injection in Course Search Module List Filter
CVSS 8.1
CVE-2025-27133
HIGH
WeGIA < 3.2.15 - Authenticated SQL Injection via adicionar_tipo_exame.php Endpoint
CVSS 8.8
Details
Vulnerabilities: 19,646
Exploit Likelihood: High