CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,651 vulnerabilities with CWE-89
CVE-2025-1374 MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via StateName/CityName/AreaName/CatId Parameter
CVSS 6.3
CVE-2025-26755 HIGH
WP Airbnb Review Slider <3.9 - SQL Injection
CVSS 7.6
CVE-2025-22290 CRITICAL
enituretechnology LTL Freight Quotes - SQL Injection
CVSS 9.3
CVE-2025-1356 MEDIUM
needyamin Library Card System 1.0 - SQL Injection via card.php id Parameter
CVSS 6.3
CVE-2025-22209 MEDIUM
JS Jobs <1.1.5-1.4.3 - SQL Injection
CVSS 4.7
CVE-2025-22208 MEDIUM
JS Jobs <1.1.5-1.4.3 - SQL Injection
CVSS 4.7
CVE-2025-26157 MEDIUM
Beauty Parlour Management System V1.1 - SQL Injection via name POST Parameter
CVSS 5.9
CVE-2025-26156 HIGH
PHPGurukul Online Shopping Portal 2.1 - SQL Injection via orderid Parameter
CVSS 8.8
CVE-2025-25994 HIGH
FeMiner wms 1.0 - SQL Injection via Date and ID Parameters
CVSS 7.5
CVE-2025-25993 MEDIUM
FeMiner wms 1.0 - SQL Injection via itemid Parameter
CVSS 5.1
CVE-2025-25992 MEDIUM
FeMiner wms 1.0 - SQL Injection via inquire_inout_item.php
CVSS 5.1
CVE-2025-25991 MEDIUM
hoosk 1.7.1 - SQL Injection via /install/index.php
CVSS 5.1
CVE-2025-25206 HIGH
elabftw < 5.1.15 - Authenticated SQL Injection
CVSS 8.3
CVE-2025-0821 MEDIUM
Bit Assist < 1.5.3 - Authenticated Time-Based SQL Injection via 'id' Parameter
CVSS 6.5
CVE-2025-25389 CRITICAL
PHPGurukul Land Record System 1.0 - SQL Injection via Contact Number Parameter
CVSS 9.8
CVE-2025-25388 CRITICAL
PHPGurukul Land Record System 1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2025-25387 HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via Property Type POST Parameter
CVSS 7.2
CVE-2025-25357 HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via Email Parameter
CVSS 7.2
CVE-2025-25356 HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via todate Parameter
CVSS 7.2
CVE-2025-25355 HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.2
CVE-2025-25354 HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via Contact Number Parameter
CVSS 7.2
CVE-2025-25352 HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via /admin/aboutus.php pagetitle Parameter
CVSS 7.2
CVE-2025-1227 MEDIUM
yimioa < 2024-07-04 - SQL Injection in AddressDao.xml selectList Function
CVSS 6.3
CVE-2025-1224 MEDIUM
yimioa < 2024-07-04 - SQL Injection in UserMapper.xml listNameBySql Function
CVSS 6.3
CVE-2025-1216 MEDIUM
yimioa < 2024-07-04 - SQL Injection via OaNoticeMapper.xml sort Argument
CVSS 6.3