CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,646 vulnerabilities with CWE-89
CVE-2025-26200
HIGH
SLIMS 9.6.1 - SQL Injection via visitor_report_day.php month Parameter
CVSS 7.2
CVE-2025-27312
HIGH
Jenst WP Sitemap <1.0 - SQL Injection
CVSS 8.5
CVE-2025-27297
HIGH
Bravo Search & Replace <1.0 - SQL Injection
CVSS 7.6
CVE-2025-24490
CRITICAL
Mattermost 9.11.0-9.11.7, 10.2.0-10.2.2, 10.3.0-10.3.2, 10.4.0-10.4.1 - SQL Injection via Boards Reordering
CVSS 9.6
CVE-2025-1596
HIGH
Best Church Management Software 1.0 - SQL Injection via Email Parameter in fpassword.php
CVSS 7.3
CVE-2025-1583
MEDIUM
PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via searchinput Parameter
CVSS 6.3
CVE-2025-1582
MEDIUM
PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via /admin/all-request.php viewid Parameter
CVSS 6.3
CVE-2025-1581
MEDIUM
PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via book-nurse.php contactname Parameter
CVSS 6.3
CVE-2025-1580
MEDIUM
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2025-1578
MEDIUM
PHPGurukul Online Shopping Portal 2.1 - SQL Injection via Product Parameter in search-result.php
CVSS 6.3
CVE-2025-1576
MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via StateName Parameter in /ajax_state.php
CVSS 6.3
CVE-2025-25878
LOW
ITSourcecode Simple ChatBox <= 1.0 - SQL Injection via /del.php
CVSS 3.8
CVE-2025-25877
LOW
ITSourcecode Simple ChatBox <= 1.0 - SQL Injection in admin.php
CVSS 3.8
CVE-2025-25876
HIGH
ITSourcecode Simple ChatBox <= 1.0 - SQL Injection via delete.php
CVSS 7.2
CVE-2025-25875
MEDIUM
ITSourcecode Simple ChatBox <= 1.0 - SQL Injection in message.php
CVSS 6.4
CVE-2025-1544
MEDIUM
dingfanzu CMS <20250210 - SQL Injection
CVSS 6.3
CVE-2025-1537
MEDIUM
Harpia DiagSystem 12 - SQL Injection
CVSS 6.3
CVE-2025-26794
HIGH
Exim 4.98 - Remote SQL Injection via SQLite Hints and ETRN Serialization
CVSS 7.5
CVE-2025-1535
HIGH
Baiyi Cloud Asset Management System <8.142.100.161 - SQL Injection
CVSS 7.3
CVE-2025-27096
CRITICAL
WeGIA < 3.2.14 - Authenticated SQL Injection via personalizacao_upload.php Endpoint
CVSS 9.8
CVE-2025-0866
MEDIUM
Legoeso PDF Manager <= 1.2.2 - Authenticated Time-Based SQL Injection via checkedVals Parameter
CVSS 6.5
CVE-2025-1464
HIGH
Baiyi Cloud Asset Management System <20250204 - SQL Injection
CVSS 7.3
CVE-2025-1135
HIGH
ChurchCRM < 5.13.0 - Authenticated SQL Injection via BatchWinnerEntry CurrentFundraiser Parameter
CVSS 7.2
CVE-2025-1134
HIGH
ChurchCRM < 5.13.0 - Authenticated SQL Injection via DonatedItemEditor CurrentFundraiser Parameter
CVSS 7.2
CVE-2025-1133
HIGH
ChurchCRM < 5.13.0 - Authenticated SQL Injection via EditEventAttendees EID Parameter
CVSS 7.2
Details
Vulnerabilities: 19,646
Exploit Likelihood: High