CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,651 vulnerabilities with CWE-89
CVE-2025-0788 MEDIUM
ESAFENET CDG V5 - SQL Injection via /content_top.jsp id Parameter
CVSS 6.3
CVE-2025-0786 MEDIUM
ESAFENET CDG V5 - SQL Injection via /appDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-22217 HIGH
VMware AVI Load Balancer 30.1.x-30.2.x - Unauthenticated Blind SQL Injection
CVSS 8.6
CVE-2025-24368 HIGH
Cacti < 1.2.29 - SQL Injection via build_rule_item_filter()
CVSS 7.5
CVE-2025-24667 CRITICAL
Eniture Technology Small Package Quotes - SQL Injection
CVSS 9.3
CVE-2025-24665 CRITICAL
Eniture Technology Small Package Quotes - Unishippers Edition <2.4....
CVSS 9.3
CVE-2025-24664 CRITICAL
Eniture Technology LTL Freight Quotes - SQL Injection
CVSS 9.3
CVE-2025-24612 CRITICAL
MORKVA Shipping <1.19.6 - SQL Injection
CVSS 9.3
CVE-2025-24728 HIGH
Yannick Lefebvre Bug Library <2.1.4 - SQL Injection
CVSS 8.5
CVE-2025-24683 HIGH
WPChill RSVP & Event Mgmt <2.7.14 - SQL Injection
CVSS 7.6
CVE-2025-24672 HIGH
CodePeople Form Builder CP <1.2.41 - SQL Injection
CVSS 8.5
CVE-2025-24669 HIGH
SERPed.net <= 4.4 - SQL Injection
CVSS 8.5
CVE-2025-24663 HIGH
Simple Download Monitor <= 3.9.25 - Blind SQL Injection
CVSS 7.6
CVE-2025-24659 HIGH
WordPress Download Manager Premium <5.9.6 - SQL Injection
CVSS 7.6
CVE-2025-24587 HIGH
I Thirteen Web Solution Email Subscription Popup <1.2.23 - SQL Inje...
CVSS 7.6
CVE-2025-0701 MEDIUM
JoeyBling bootplus < 2020-08-24 - SQL Injection via /admin/sys/user/list sort Parameter
CVSS 6.3
CVE-2025-0700 MEDIUM
JoeyBling bootplus < 247d5f6 - SQL Injection via /admin/sys/log/list logId Parameter
CVSS 6.3
CVE-2025-0699 MEDIUM
JoeyBling bootplus - SQL Injection via /admin/sys/role/list Sort Parameter
CVSS 6.3
CVE-2025-0698 MEDIUM
bootplus < 2020-08-24 - SQL Injection via sort/order Parameter
CVSS 6.3
CVE-2025-23931 CRITICAL
WordPress Local SEO <2.3 - SQL Injection
CVSS 9.3
CVE-2025-23910 HIGH
Menus Plus+ <= 1.9.6 - SQL Injection
CVSS 8.5
CVE-2025-23784 HIGH
Contact Form 7 Round Robin Lead Distribution <1.2.1 - SQL Injection
CVSS 7.6
CVE-2025-22980 MEDIUM
Senayan Library Management System SLiMS 9 Bulian 9.6.1 - SQL Injection via tempLoanID Parameter
CVSS 6.7
CVE-2025-22716 HIGH
taskbuilder <= 3.0.6 - SQL Injection
CVSS 8.5
CVE-2025-22710 HIGH
StoreApps Smart Manager <8.52.0 - SQL Injection
CVSS 7.6