CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,409 vulnerabilities with CWE-89
CVE-2026-7148
MEDIUM
CodeAstro Online Classroom addnewfaculty sql injection
CVSS 6.3
CVE-2026-7143
MEDIUM
1000 Projects Portfolio Management System MCA block_status.php sql injection
CVSS 6.3
CVE-2026-41462
CRITICAL
ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login
CVSS 9.8
CVE-2026-7131
HIGH
code-projects Online Lot Reservation System loginuser.php sql injection
CVSS 7.3
CVE-2026-7130
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7128
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7127
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7126
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7118
MEDIUM
code-projects Employee Management System cancel.php sql injection
CVSS 6.3
CVE-2026-7117
MEDIUM
code-projects Employee Management System approve.php sql injection
CVSS 6.3
CVE-2026-7115
MEDIUM
code-projects Employee Management System delete.php sql injection
CVSS 6.3
CVE-2026-7114
MEDIUM
code-projects Employee Management System edit.php sql injection
CVSS 6.3
CVE-2026-22336
CRITICAL
WordPress Directorist Booking plugin < 3.0.2 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-7088
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7087
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7083
MEDIUM
likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection
CVSS 4.7
CVE-2026-7077
HIGH
itsourcecode Courier Management System edit_parcel.php sql injection
CVSS 7.3
CVE-2026-7076
HIGH
itsourcecode Courier Management System edit_branch.php sql injection
CVSS 7.3
CVE-2026-7075
HIGH
itsourcecode Construction Management System locations.php sql injection
CVSS 7.3
CVE-2026-7074
HIGH
itsourcecode Construction Management System execute1.php sql injection
CVSS 7.3
CVE-2026-7073
HIGH
itsourcecode Construction Management System execute.php sql injection
CVSS 7.3
CVE-2026-7072
HIGH
CodePanda Source canteen_management_system login.php sql injection
CVSS 7.3
CVE-2026-7070
HIGH
code-projects Inventory Management System Login sql injection
CVSS 7.3
CVE-2026-7063
HIGH
code-projects Employee Management System Endpoint eprocess.php sql injection
CVSS 7.3
CVE-2026-7060
HIGH
liyupi yu-picture MyBatis-Plus PictureServiceImpl.java PageRequest sql injection
CVSS 7.3
Details
Vulnerabilities: 19,409
Exploit Likelihood: High