CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,646 vulnerabilities with CWE-89 (most recent entries listed below)

CVE ID           Severity  CVSS  Description
CVE-2025-26200   HIGH      7.2   SLIMS 9.6.1 - SQL Injection via visitor_report_day.php month Parameter
CVE-2025-27312   HIGH      8.5   Jenst WP Sitemap <1.0 - SQL Injection
CVE-2025-27297   HIGH      7.6   Bravo Search & Replace <1.0 - SQL Injection
CVE-2025-24490   CRITICAL  9.6   Mattermost 9.11.0-9.11.7, 10.2.0-10.2.2, 10.3.0-10.3.2, 10.4.0-10.4.1 - SQL Injection via Boards Reordering
CVE-2025-1596    HIGH      7.3   Best Church Management Software 1.0 - SQL Injection via Email Parameter in fpassword.php
CVE-2025-1583    MEDIUM    6.3   PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via searchinput Parameter
CVE-2025-1582    MEDIUM    6.3   PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via /admin/all-request.php viewid Parameter
CVE-2025-1581    MEDIUM    6.3   PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via book-nurse.php contactname Parameter
CVE-2025-1580    MEDIUM    6.3   PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via searchdata Parameter
CVE-2025-1578    MEDIUM    6.3   PHPGurukul Online Shopping Portal 2.1 - SQL Injection via Product Parameter in search-result.php
CVE-2025-1576    MEDIUM    6.3   Real Estate Property Management System 1.0 - SQL Injection via StateName Parameter in /ajax_state.php
CVE-2025-25878   LOW       3.8   ITSourcecode Simple ChatBox <= 1.0 - SQL Injection via /del.php
CVE-2025-25877   LOW       3.8   ITSourcecode Simple ChatBox <= 1.0 - SQL Injection in admin.php
CVE-2025-25876   HIGH      7.2   ITSourcecode Simple ChatBox <= 1.0 - SQL Injection via delete.php
CVE-2025-25875   MEDIUM    6.4   ITSourcecode Simple ChatBox <= 1.0 - SQL Injection in message.php
CVE-2025-1544    MEDIUM    6.3   dingfanzu CMS <20250210 - SQL Injection
CVE-2025-1537    MEDIUM    6.3   Harpia DiagSystem 12 - SQL Injection
CVE-2025-26794   HIGH      7.5   Exim 4.98 - Remote SQL Injection via SQLite Hints and ETRN Serialization
CVE-2025-1535    HIGH      7.3   Baiyi Cloud Asset Management System <8.142.100.161 - SQL Injection
CVE-2025-27096   CRITICAL  9.8   WeGIA < 3.2.14 - Authenticated SQL Injection via personalizacao_upload.php Endpoint
CVE-2025-0866    MEDIUM    6.5   Legoeso PDF Manager <= 1.2.2 - Authenticated Time-Based SQL Injection via checkedVals Parameter
CVE-2025-1464    HIGH      7.3   Baiyi Cloud Asset Management System <20250204 - SQL Injection
CVE-2025-1135    HIGH      7.2   ChurchCRM < 5.13.0 - Authenticated SQL Injection via BatchWinnerEntry CurrentFundraiser Parameter
CVE-2025-1134    HIGH      7.2   ChurchCRM < 5.13.0 - Authenticated SQL Injection via DonatedItemEditor CurrentFundraiser Parameter
CVE-2025-1133    HIGH      7.2   ChurchCRM < 5.13.0 - Authenticated SQL Injection via EditEventAttendees EID Parameter