CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,651 vulnerabilities with CWE-89
CVE-2025-0947 MEDIUM
Tailoring Management System 1.0 - SQL Injection via expview.php expid Parameter
CVSS 6.3
CVE-2025-0946 MEDIUM
Tailoring Management System 1.0 - SQL Injection via templatedelete.php id Parameter
CVSS 6.3
CVE-2025-0945 MEDIUM
Tailoring Management System 1.0 - SQL Injection via typedelete.php id Parameter
CVSS 6.3
CVE-2025-0944 MEDIUM
Tailoring Management System 1.0 - SQL Injection via customerview.php id Parameter
CVSS 6.3
CVE-2025-0943 MEDIUM
Tailoring Management System 1.0 - SQL Injection via deldoc.php id Parameter
CVSS 6.3
CVE-2025-0934 MEDIUM
Job Recruitment 1.0 - SQL Injection via n Argument in /parse/_call_job_search_ajax.php
CVSS 6.3
CVE-2025-22957 CRITICAL
ZZCMS <= 2023 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2025-0929 CRITICAL
TeamCal Neo 3.8.2 - SQL Injection via 'abs' Parameter
CVSS 9.8
CVE-2025-0882 MEDIUM
Chat System <= 1.0 - SQL Injection via User Parameter in addnewmember.php
CVSS 6.3
CVE-2025-0881 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection via rname Parameter in saveroutine.php
CVSS 6.3
CVE-2025-0880 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection via planid Parameter
CVSS 6.3
CVE-2025-0874 MEDIUM
Simple Car Rental System 1.0 - SQL Injection via /admin/approve.php id Parameter
CVSS 6.3
CVE-2025-0873 MEDIUM
Tailoring Management System 1.0 - SQL Injection via Customer Edit Parameters
CVSS 6.3
CVE-2025-0872 MEDIUM
Tailoring Management System 1.0 - SQL Injection via addpayment.php id/amount/desc/inccat Parameters
CVSS 6.3
CVE-2025-0861 MEDIUM
VR-Frases < 3.0.1 - Unauthenticated SQL Injection via User Supplied Parameters
CVSS 4.9
CVE-2025-0847 HIGH
1000 Projects Employee Task Management System 1.0 - SQL Injection via Login Email Parameter
CVSS 7.3
CVE-2025-0846 HIGH
1000 Projects Employee Task Management System 1.0 - SQL Injection via AdminLogin.php Email Parameter
CVSS 7.3
CVE-2025-0843 HIGH
needyamin Library Card System 1.0 - SQL Injection via Admin Panel Email/Password Argument
CVSS 7.3
CVE-2025-0842 HIGH
needyamin Library Card System 1.0 - SQL Injection via Admin Login
CVSS 7.3
CVE-2025-24793 HIGH
Snowflake Connector for Python 2.2.5-3.13.0 - SQL Injection in pandas_tools Module
CVSS 7.0
CVE-2025-0803 HIGH
Codezips Gym Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0793 MEDIUM
ESAFENET CDG V5 - SQL Injection via /todoDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-0792 MEDIUM
ESAFENET CDG V5 - SQL Injection via /sdTodoDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-0791 MEDIUM
ESAFENET CDG V5 - SQL Injection via /sdDoneDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-0789 MEDIUM
ESAFENET CDG V5 - SQL Injection via flowId Parameter in doneDetail.jsp
CVSS 6.3