CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,651 vulnerabilities with CWE-89
CVE-2025-1157 MEDIUM
Allims lab.online <20250201 - SQL Injection
CVSS 6.3
CVE-2025-1156 HIGH
Pix Software Vivaz 6.0.10 - SQL Injection
CVSS 7.3
CVE-2025-1154 MEDIUM
xxyopen Novel <3.4.1 - SQL Injection
CVSS 6.3
CVE-2025-1117 HIGH
CoinRemitter <0.0.1/0.0.2 - SQL Injection
CVSS 7.3
CVE-2025-1116 HIGH
Dreamvention Live AJAX Search Free <1.0.6 - SQL Injection
CVSS 7.3
CVE-2025-25151 HIGH
StylemixThemes uListing <2.1.6 - SQL Injection
CVSS 8.5
CVE-2025-25116 HIGH
Link to URL / Post <= 1.3 - Blind SQL Injection
CVSS 7.6
CVE-2025-22992 CRITICAL
emoncms < 11.6.9 - SQL Injection via Feed Insert Endpoint Data Parameter
CVSS 9.8
CVE-2025-22700 HIGH
NotFound Traveler Code <3.1.0 - SQL Injection
CVSS 8.5
CVE-2025-22699 CRITICAL
NotFound Traveler Code <3.1.0 - SQL Injection
CVSS 9.0
CVE-2025-22206 MEDIUM
JS Jobs 1.1.5-1.4.2 - Authenticated SQL Injection via GDPR Field Parameter
CVSS 4.7
CVE-2025-24958 HIGH
WeGIA < 3.2.12 - Authenticated SQL Injection via salvar_tag.php Endpoint
CVSS 8.8
CVE-2025-24957 CRITICAL
WeGIA < 3.2.12 - Authenticated SQL Injection via get_detalhes_socio.php Endpoint
CVSS 9.8
CVE-2025-24906 CRITICAL
WeGIA < 3.2.12 - Authenticated SQL Injection via get_detalhes_cobranca.php Endpoint
CVSS 9.8
CVE-2025-24905 CRITICAL
WeGIA < 3.2.12 - Authenticated SQL Injection via get_codigobarras_cobranca.php Endpoint
CVSS 9.8
CVE-2025-24902 HIGH
WeGIA < 3.2.12 - Authenticated SQL Injection via salvar_cargo.php Endpoint
CVSS 8.8
CVE-2025-24901 HIGH
WeGIA < 3.2.12 - Authenticated SQL Injection via deletar_permissao.php Endpoint
CVSS 8.8
CVE-2025-25181 MEDIUM KEV
Advantive VeraCore <2025.1.0 - SQL Injection
CVSS 5.8
CVE-2025-25064 HIGH
Zimbra Collaboration <10.0.12-10.1.4 - SQL Injection
CVSS 8.8
CVE-2025-22693 HIGH
Contest Gallery <= 25.1.0 - SQL Injection
CVSS 7.6
CVE-2025-22691 HIGH
WP Travel <= 10.1.3 - SQL Injection
CVSS 7.6
CVE-2025-0967 MEDIUM
Chat System 1.0 - SQL Injection via chatname/chatpass Parameter
CVSS 6.3
CVE-2025-0950 MEDIUM
Tailoring Management System 1.0 - SQL Injection via staffid Parameter in staffview.php
CVSS 6.3
CVE-2025-0949 MEDIUM
Tailoring Management System 1.0 - SQL Injection via partview.php typeid Parameter
CVSS 6.3
CVE-2025-0948 MEDIUM
Tailoring Management System 1.0 - SQL Injection via incview.php incid Parameter
CVSS 6.3