CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,646 vulnerabilities with CWE-89
CVE-2025-1132
HIGH
ChurchCRM < 5.13.0 - Authenticated Time-Based Blind SQL Injection via EN_tyid Parameter
CVSS 8.8
CVE-2025-26617
CRITICAL
WeGIA < 3.2.14 - SQL Injection via historico_paciente.php Endpoint
CVSS 9.8
CVE-2025-26614
HIGH
WeGIA < 3.2.14 - Authenticated SQL Injection via deletar_documento.php Endpoint
CVSS 8.8
CVE-2025-26612
CRITICAL
WeGIA < 3.2.13 - SQL Injection via adicionar_almoxarife.php Endpoint
CVSS 9.8
CVE-2025-26611
CRITICAL
WeGIA < 3.2.13 - SQL Injection via remover_produto.php Endpoint
CVSS 9.8
CVE-2025-26610
CRITICAL
WeGIA < 3.2.13 - Authenticated SQL Injection via restaurar_produto_desocultar.php Endpoint
CVSS 9.8
CVE-2025-26609
CRITICAL
WeGIA < 3.2.13 - SQL Injection via familiar_docfamiliar.php Endpoint
CVSS 9.8
CVE-2025-26608
CRITICAL
WeGIA < 3.2.13 - SQL Injection via dependente_docdependente.php Endpoint
CVSS 9.8
CVE-2025-26607
CRITICAL
WeGIA < 3.2.13 - SQL Injection via documento_excluir.php Endpoint
CVSS 9.8
CVE-2025-26606
CRITICAL
WeGIA < 3.2.13 - SQL Injection via informacao_adicional.php Endpoint
CVSS 9.8
CVE-2025-26605
HIGH
WeGIA < 3.2.13 - Authenticated SQL Injection via deletar_cargo.php Endpoint
CVSS 8.8
CVE-2025-22639
HIGH
NotFound Distance Rate Shipping for WooCommerce <1.3.4 - SQL Injection
CVSS 8.5
CVE-2025-22207
MEDIUM
Joomla! CMS 4.1.0-4.4.10 and 5.0.0-5.2.3 - SQL Injection in Scheduled Tasks Component
CVE-2025-1023
CRITICAL
ChurchCRM < 5.13.0 - Time-Based Blind SQL Injection via EditEventTypes newCountName Parameter
CVSS 9.8
CVE-2025-25222
CRITICAL
LuxCal Web Calendar <5.3.3M-5.3.3L - SQL Injection
CVSS 9.8
CVE-2025-25221
CRITICAL
LuxCal Web Calendar <5.3.3M/L - SQL Injection
CVSS 9.8
CVE-2025-1381
MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via CityName Parameter in /ajax_city.php
CVSS 6.3
CVE-2025-1380
MEDIUM
Codezips Gym Management System 1.0 - SQL Injection via del_plan.php Name Parameter
CVSS 6.3
CVE-2025-1379
MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via CustomerReport.php City Parameter
CVSS 6.3
CVE-2025-1389
HIGH
Orca HCM < 11.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2025-1374
MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via StateName/CityName/AreaName/CatId Parameter
CVSS 6.3
CVE-2025-26755
HIGH
WP Airbnb Review Slider <3.9 - SQL Injection
CVSS 7.6
CVE-2025-22290
CRITICAL
enituretechnology LTL Freight Quotes - SQL Injection
CVSS 9.3
CVE-2025-1356
MEDIUM
needyamin Library Card System 1.0 - SQL Injection via card.php id Parameter
CVSS 6.3
CVE-2025-22209
MEDIUM
JS Jobs <1.1.5-1.4.3 - SQL Injection
CVSS 4.7