CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit likelihood: High
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,651 vulnerabilities with CWE-89
CVE ID | Severity | CVSS | Title
CVE-2025-1210 | MEDIUM | 6.3 | Wazifa System 1.0 - SQL Injection via control.php 'to' Parameter
CVE-2025-25351 | CRITICAL | 9.8 | PHPGurukul Daily Expense Tracker System v1.1 - SQL Injection via dateexpense Parameter
CVE-2025-25349 | CRITICAL | 9.8 | PHPGurukul Daily Expense Tracker System v1.1 - SQL Injection via costitem Parameter
CVE-2025-1206 | MEDIUM | 6.3 | Codezips Gym Management System 1.0 - SQL Injection
CVE-2025-1202 | MEDIUM | 6.3 | SourceCodester Best Church Management Software 1.1 - SQL Injection
CVE-2025-26348 | MEDIUM | 5.5 | Q-Free MaxTime <= 2.11.0 - Authenticated SQL Injection via editUserMenu Endpoint
CVE-2025-26346 | MEDIUM | 5.5 | Q-Free MaxTime <= 2.11.0 - Authenticated SQL Injection via editUserGroupMenu Endpoint
CVE-2025-1201 | MEDIUM | 6.3 | SourceCodester Best Church Management Software 1.1 - SQL Injection
CVE-2025-1200 | MEDIUM | 6.3 | SourceCodester Best Church Management Software 1.1 - SQL Injection
CVE-2025-1199 | MEDIUM | 6.3 | Best Church Management Software 1.1 - SQL Injection via role_crud.php id Parameter
CVE-2025-1197 | MEDIUM | 6.3 | Real Estate Property Management System 1.0 - SQL Injection via userhash Parameter
CVE-2025-1192 | MEDIUM | 6.3 | Multi Restaurant Table Reservation System 1.0 - SQL Injection via select-menu.php table Parameter
CVE-2025-1191 | MEDIUM | 6.3 | Multi Restaurant Table Reservation System 1.0 - SQL Injection via breject_id Parameter
CVE-2025-1189 | MEDIUM | 6.3 | 1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via course_id Parameter
CVE-2025-1188 | MEDIUM | 6.3 | Codezips Gym Management System 1.0 - SQL Injection via /dashboard/admin/updateroutine.php tid Parameter
CVE-2025-1185 | MEDIUM | 6.3 | PiHome MaxAir - SQL Injection via /ajax.php GetModal_Sensor_Graph Parameter
CVE-2025-26520 | HIGH | 7.6 | Cacti < 1.2.29 - SQL Injection via Graph Template Parameter
CVE-2025-1184 | MEDIUM | 6.3 | PiHome 1.77 - SQL Injection via /ajax.php GetModal_MQTTEdit id Parameter
CVE-2025-1183 | MEDIUM | 6.3 | CodeZips Gym Management System 1.0 - SQL Injection via login_id Parameter
CVE-2025-1173 | MEDIUM | 4.7 | 1000 Projects Bookstore Management System 1.0 - SQL Injection via process_users_del.php id Parameter
CVE-2025-1172 | MEDIUM | 6.3 | 1000 Projects Bookstore Management System 1.0 - SQL Injection via addtocart.php bcid Parameter
CVE-2025-1168 | MEDIUM | 6.3 | Contact Manager with Export to VCF 1.0 - SQL Injection via contact Parameter in delete-contact.php
CVE-2025-1167 | MEDIUM | 6.3 | Mayuri K Employee Management System <= 192.168.70.3 - SQL Injection via Update_User.php id Parameter
CVE-2025-1162 | MEDIUM | 6.3 | Job Recruitment 1.0 - SQL Injection via userhash Parameter in load_user-profile.php
CVE-2025-1158 | MEDIUM | 6.3 | ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection