CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,651 vulnerabilities with CWE-89
CVE-2025-1157
MEDIUM
Allims lab.online <20250201 - SQL Injection
CVSS 6.3
CVE-2025-1156
HIGH
Pix Software Vivaz 6.0.10 - SQL Injection
CVSS 7.3
CVE-2025-1154
MEDIUM
xxyopen Novel <3.4.1 - SQL Injection
CVSS 6.3
CVE-2025-1117
HIGH
CoinRemitter <0.0.1/0.0.2 - SQL Injection
CVSS 7.3
CVE-2025-1116
HIGH
Dreamvention Live AJAX Search Free <1.0.6 - SQL Injection
CVSS 7.3
CVE-2025-25151
HIGH
StylemixThemes uListing <2.1.6 - SQL Injection
CVSS 8.5
CVE-2025-25116
HIGH
Link to URL / Post <= 1.3 - Blind SQL Injection
CVSS 7.6
CVE-2025-22992
CRITICAL
emoncms < 11.6.9 - SQL Injection via Feed Insert Endpoint Data Parameter
CVSS 9.8
CVE-2025-22700
HIGH
NotFound Traveler Code <3.1.0 - SQL Injection
CVSS 8.5
CVE-2025-22699
CRITICAL
NotFound Traveler Code <3.1.0 - SQL Injection
CVSS 9.0
CVE-2025-22206
MEDIUM
JS Jobs 1.1.5-1.4.2 - Authenticated SQL Injection via GDPR Field Parameter
CVSS 4.7
CVE-2025-24958
HIGH
WeGIA < 3.2.12 - Authenticated SQL Injection via salvar_tag.php Endpoint
CVSS 8.8
CVE-2025-24957
CRITICAL
WeGIA < 3.2.12 - Authenticated SQL Injection via get_detalhes_socio.php Endpoint
CVSS 9.8
CVE-2025-24906
CRITICAL
WeGIA < 3.2.12 - Authenticated SQL Injection via get_detalhes_cobranca.php Endpoint
CVSS 9.8
CVE-2025-24905
CRITICAL
WeGIA < 3.2.12 - Authenticated SQL Injection via get_codigobarras_cobranca.php Endpoint
CVSS 9.8
CVE-2025-24902
HIGH
WeGIA < 3.2.12 - Authenticated SQL Injection via salvar_cargo.php Endpoint
CVSS 8.8
CVE-2025-24901
HIGH
WeGIA < 3.2.12 - Authenticated SQL Injection via deletar_permissao.php Endpoint
CVSS 8.8
CVE-2025-25181
MEDIUM
KEV
Advantive VeraCore <2025.1.0 - SQL Injection
CVSS 5.8
CVE-2025-25064
HIGH
Zimbra Collaboration <10.0.12-10.1.4 - SQL Injection
CVSS 8.8
CVE-2025-22693
HIGH
Contest Gallery <= 25.1.0 - SQL Injection
CVSS 7.6
CVE-2025-22691
HIGH
WP Travel <= 10.1.3 - SQL Injection
CVSS 7.6
CVE-2025-0967
MEDIUM
Chat System 1.0 - SQL Injection via chatname/chatpass Parameter
CVSS 6.3
CVE-2025-0950
MEDIUM
Tailoring Management System 1.0 - SQL Injection via staffid Parameter in staffview.php
CVSS 6.3
CVE-2025-0949
MEDIUM
Tailoring Management System 1.0 - SQL Injection via partview.php typeid Parameter
CVSS 6.3
CVE-2025-0948
MEDIUM
Tailoring Management System 1.0 - SQL Injection via incview.php incid Parameter
CVSS 6.3
Details
Vulnerabilities: 19,651
Exploit Likelihood: High