CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,651 vulnerabilities with CWE-89
CVE-2025-0947
MEDIUM
Tailoring Management System 1.0 - SQL Injection via expview.php expid Parameter
CVSS 6.3
CVE-2025-0946
MEDIUM
Tailoring Management System 1.0 - SQL Injection via templatedelete.php id Parameter
CVSS 6.3
CVE-2025-0945
MEDIUM
Tailoring Management System 1.0 - SQL Injection via typedelete.php id Parameter
CVSS 6.3
CVE-2025-0944
MEDIUM
Tailoring Management System 1.0 - SQL Injection via customerview.php id Parameter
CVSS 6.3
CVE-2025-0943
MEDIUM
Tailoring Management System 1.0 - SQL Injection via deldoc.php id Parameter
CVSS 6.3
CVE-2025-0934
MEDIUM
Job Recruitment 1.0 - SQL Injection via n Argument in /parse/_call_job_search_ajax.php
CVSS 6.3
CVE-2025-22957
CRITICAL
ZZCMS <= 2023 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2025-0929
CRITICAL
TeamCal Neo 3.8.2 - SQL Injection via 'abs' Parameter
CVSS 9.8
CVE-2025-0882
MEDIUM
Chat System <= 1.0 - SQL Injection via User Parameter in addnewmember.php
CVSS 6.3
CVE-2025-0881
MEDIUM
Codezips Gym Management System 1.0 - SQL Injection via rname Parameter in saveroutine.php
CVSS 6.3
CVE-2025-0880
MEDIUM
Codezips Gym Management System 1.0 - SQL Injection via planid Parameter
CVSS 6.3
CVE-2025-0874
MEDIUM
Simple Car Rental System 1.0 - SQL Injection via /admin/approve.php id Parameter
CVSS 6.3
CVE-2025-0873
MEDIUM
Tailoring Management System 1.0 - SQL Injection via Customer Edit Parameters
CVSS 6.3
CVE-2025-0872
MEDIUM
Tailoring Management System 1.0 - SQL Injection via addpayment.php id/amount/desc/inccat Parameters
CVSS 6.3
CVE-2025-0861
MEDIUM
VR-Frases < 3.0.1 - Unauthenticated SQL Injection via User Supplied Parameters
CVSS 4.9
CVE-2025-0847
HIGH
1000 Projects Employee Task Management System 1.0 - SQL Injection via Login Email Parameter
CVSS 7.3
CVE-2025-0846
HIGH
1000 Projects Employee Task Management System 1.0 - SQL Injection via AdminLogin.php Email Parameter
CVSS 7.3
CVE-2025-0843
HIGH
needyamin Library Card System 1.0 - SQL Injection via Admin Panel Email/Password Argument
CVSS 7.3
CVE-2025-0842
HIGH
needyamin Library Card System 1.0 - SQL Injection via Admin Login
CVSS 7.3
CVE-2025-24793
HIGH
Snowflake Connector for Python 2.2.5-3.13.0 - SQL Injection in pandas_tools Module
CVSS 7.0
CVE-2025-0803
HIGH
Codezips Gym Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0793
MEDIUM
ESAFENET CDG V5 - SQL Injection via /todoDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-0792
MEDIUM
ESAFENET CDG V5 - SQL Injection via /sdTodoDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-0791
MEDIUM
ESAFENET CDG V5 - SQL Injection via /sdDoneDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-0789
MEDIUM
ESAFENET CDG V5 - SQL Injection via flowId Parameter in doneDetail.jsp
CVSS 6.3
Details
Vulnerabilities
19,651
Exploit Likelihood
High