CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,646 vulnerabilities with CWE-89
CVE-2025-1132 HIGH
ChurchCRM < 5.13.0 - Authenticated Time-Based Blind SQL Injection via EN_tyid Parameter
CVSS 8.8
CVE-2025-26617 CRITICAL
WeGIA < 3.2.14 - SQL Injection via historico_paciente.php Endpoint
CVSS 9.8
CVE-2025-26614 HIGH
WeGIA < 3.2.14 - Authenticated SQL Injection via deletar_documento.php Endpoint
CVSS 8.8
CVE-2025-26612 CRITICAL
WeGIA < 3.2.13 - SQL Injection via adicionar_almoxarife.php Endpoint
CVSS 9.8
CVE-2025-26611 CRITICAL
WeGIA < 3.2.13 - SQL Injection via remover_produto.php Endpoint
CVSS 9.8
CVE-2025-26610 CRITICAL
WeGIA < 3.2.13 - Authenticated SQL Injection via restaurar_produto_desocultar.php Endpoint
CVSS 9.8
CVE-2025-26609 CRITICAL
WeGIA < 3.2.13 - SQL Injection via familiar_docfamiliar.php Endpoint
CVSS 9.8
CVE-2025-26608 CRITICAL
WeGIA < 3.2.13 - SQL Injection via dependente_docdependente.php Endpoint
CVSS 9.8
CVE-2025-26607 CRITICAL
WeGIA < 3.2.13 - SQL Injection via documento_excluir.php Endpoint
CVSS 9.8
CVE-2025-26606 CRITICAL
WeGIA < 3.2.13 - SQL Injection via informacao_adicional.php Endpoint
CVSS 9.8
CVE-2025-26605 HIGH
WeGIA < 3.2.13 - Authenticated SQL Injection via deletar_cargo.php Endpoint
CVSS 8.8
CVE-2025-22639 HIGH
NotFound Distance Rate Shipping for WooCommerce <1.3.4 - SQL Injection
CVSS 8.5
CVE-2025-22207 MEDIUM
Joomla! CMS 4.1.0-4.4.10 and 5.0.0-5.2.3 - SQL Injection in Scheduled Tasks Component
CVE-2025-1023 CRITICAL
ChurchCRM < 5.13.0 - Time-Based Blind SQL Injection via EditEventTypes newCountName Parameter
CVSS 9.8
CVE-2025-25222 CRITICAL
LuxCal Web Calendar <5.3.3M-5.3.3L - SQL Injection
CVSS 9.8
CVE-2025-25221 CRITICAL
LuxCal Web Calendar <5.3.3M/L - SQL Injection
CVSS 9.8
CVE-2025-1381 MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via CityName Parameter in /ajax_city.php
CVSS 6.3
CVE-2025-1380 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection via del_plan.php Name Parameter
CVSS 6.3
CVE-2025-1379 MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via CustomerReport.php City Parameter
CVSS 6.3
CVE-2025-1389 HIGH
Orca HCM < 11.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2025-1374 MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via StateName/CityName/AreaName/CatId Parameter
CVSS 6.3
CVE-2025-26755 HIGH
WP Airbnb Review Slider <3.9 - SQL Injection
CVSS 7.6
CVE-2025-22290 CRITICAL
enituretechnology LTL Freight Quotes - SQL Injection
CVSS 9.3
CVE-2025-1356 MEDIUM
needyamin Library Card System 1.0 - SQL Injection via card.php id Parameter
CVSS 6.3
CVE-2025-22209 MEDIUM
JS Jobs <1.1.5-1.4.3 - SQL Injection
CVSS 4.7