CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,646 vulnerabilities with CWE-89
CVE-2025-1751 CRITICAL
CIGES 2.15.5 - SQL Injection via $idServicio Parameter
CVSS 9.8
CVE-2025-1726 MEDIUM
Esri ArcGIS Monitor <2024.x - SQL Injection
CVSS 4.3
CVE-2025-25462 MEDIUM
PHPGurukul Land Record System Project 1.0 - SQL Injection via propertytype Parameter
CVSS 5.5
CVE-2025-25521 CRITICAL
Seacms <= 13.3 - SQL Injection in admin_type_news.php
CVSS 9.8
CVE-2025-25520 CRITICAL
Seacms < 13.3 - SQL Injection in admin_pay.php
CVSS 9.8
CVE-2025-25519 CRITICAL
Seacms <= 13.3 - SQL Injection in admin_zyk.php
CVSS 9.8
CVE-2025-25517 CRITICAL
Seacms <= 13.3 - SQL Injection in admin_reslib.php
CVSS 9.8
CVE-2025-25516 CRITICAL
Seacms <= 13.3 - SQL Injection in admin_paylog.php
CVSS 9.8
CVE-2025-25515 HIGH
Seacms <= 13.3 - Authenticated SQL Injection in admin_collect.php
CVSS 8.8
CVE-2025-25514 MEDIUM
Seacms <= 13.3 - SQL Injection in admin_collect_news.php
CVSS 6.5
CVE-2025-22211 LOW
JoomShopping <1.4.3 - SQL Injection
CVSS 3.4
CVE-2025-27135 CRITICAL
RAGFlow < 0.15.1 - SQL Injection via ExeSQL Component
CVSS 9.8
CVE-2025-26974 CRITICAL
WPExperts.io WP Multi Store Locator <2.5.1 - SQL Injection
CVSS 9.3
CVE-2025-26971 HIGH
Poll Maker <= 5.6.5 - Blind SQL Injection
CVSS 7.6
CVE-2025-26946 HIGH
jgwhite33 WP Yelp Review Slider <8.1 - SQL Injection
CVSS 7.6
CVE-2025-26943 CRITICAL
Jürgen Müller Easy Quotes <1.2.2 - SQL Injection
CVSS 9.3
CVE-2025-26915 HIGH
PickPlugins Wishlist <1.0.41 - SQL Injection
CVSS 8.5
CVE-2025-1648 HIGH
Yawave < 2.9.1 - Unauthenticated SQL Injection via lbid Parameter
CVSS 7.5
CVE-2025-22210 HIGH
Hikashop 3.3.0-5.1.4 - Authenticated SQL Injection in Category Management
CVSS 7.2
CVE-2025-1641 HIGH
Benner ModernaNet < 1.1.1 - SQL Injection via /AGE0000700/GetHorariosDoDia Endpoint
CVSS 7.3
CVE-2025-1640 HIGH
Benner ModernaNet < 1.1.1 - SQL Injection via JS_CarregaCombo Endpoint
CVSS 7.3
CVE-2025-22974 CRITICAL
SeaCMS < 13.2 - SQL Injection via DoTranExecSql Parameter
CVSS 9.8
CVE-2025-25513 CRITICAL
Seacms <= 13.3 - SQL Injection in admin_members.php
CVSS 9.8
CVE-2025-26533 HIGH
Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - SQL Injection in Course Search Module List Filter
CVSS 8.1
CVE-2025-27133 HIGH
WeGIA < 3.2.15 - Authenticated SQL Injection via adicionar_tipo_exame.php Endpoint
CVSS 8.8