CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,651 vulnerabilities with CWE-89
CVE-2025-1374
MEDIUM
Real Estate Property Management System 1.0 - SQL Injection via StateName/CityName/AreaName/CatId Parameter
CVSS 6.3
CVE-2025-26755
HIGH
WP Airbnb Review Slider <3.9 - SQL Injection
CVSS 7.6
CVE-2025-22290
CRITICAL
enituretechnology LTL Freight Quotes - SQL Injection
CVSS 9.3
CVE-2025-1356
MEDIUM
needyamin Library Card System 1.0 - SQL Injection via card.php id Parameter
CVSS 6.3
CVE-2025-22209
MEDIUM
JS Jobs <1.1.5-1.4.3 - SQL Injection
CVSS 4.7
CVE-2025-22208
MEDIUM
JS Jobs <1.1.5-1.4.3 - SQL Injection
CVSS 4.7
CVE-2025-26157
MEDIUM
Beauty Parlour Management System V1.1 - SQL Injection via name POST Parameter
CVSS 5.9
CVE-2025-26156
HIGH
PHPGurukul Online Shopping Portal 2.1 - SQL Injection via orderid Parameter
CVSS 8.8
CVE-2025-25994
HIGH
FeMiner wms 1.0 - SQL Injection via Date and ID Parameters
CVSS 7.5
CVE-2025-25993
MEDIUM
FeMiner wms 1.0 - SQL Injection via itemid Parameter
CVSS 5.1
CVE-2025-25992
MEDIUM
FeMiner wms 1.0 - SQL Injection via inquire_inout_item.php
CVSS 5.1
CVE-2025-25991
MEDIUM
hoosk 1.7.1 - SQL Injection via /install/index.php
CVSS 5.1
CVE-2025-25206
HIGH
elabftw < 5.1.15 - Authenticated SQL Injection
CVSS 8.3
CVE-2025-0821
MEDIUM
Bit Assist < 1.5.3 - Authenticated Time-Based SQL Injection via 'id' Parameter
CVSS 6.5
CVE-2025-25389
CRITICAL
PHPGurukul Land Record System 1.0 - SQL Injection via Contact Number Parameter
CVSS 9.8
CVE-2025-25388
CRITICAL
PHPGurukul Land Record System 1.0 - SQL Injection via editid Parameter
CVSS 9.8
CVE-2025-25387
HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via Property Type POST Parameter
CVSS 7.2
CVE-2025-25357
HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via Email Parameter
CVSS 7.2
CVE-2025-25356
HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via todate Parameter
CVSS 7.2
CVE-2025-25355
HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.2
CVE-2025-25354
HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via Contact Number Parameter
CVSS 7.2
CVE-2025-25352
HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via /admin/aboutus.php pagetitle Parameter
CVSS 7.2
CVE-2025-1227
MEDIUM
yimioa < 2024-07-04 - SQL Injection in AddressDao.xml selectList Function
CVSS 6.3
CVE-2025-1224
MEDIUM
yimioa < 2024-07-04 - SQL Injection in UserMapper.xml listNameBySql Function
CVSS 6.3
CVE-2025-1216
MEDIUM
yimioa < 2024-07-04 - SQL Injection via OaNoticeMapper.xml sort Argument
CVSS 6.3
Details
Vulnerabilities: 19,651
Exploit Likelihood: High