CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,651 vulnerabilities with CWE-89
CVE-2025-0788
MEDIUM
ESAFENET CDG V5 - SQL Injection via /content_top.jsp id Parameter
CVSS 6.3
CVE-2025-0786
MEDIUM
ESAFENET CDG V5 - SQL Injection via /appDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-22217
HIGH
VMware AVI Load Balancer 30.1.x-30.2.x - Unauthenticated Blind SQL Injection
CVSS 8.6
CVE-2025-24368
HIGH
Cacti < 1.2.29 - SQL Injection via build_rule_item_filter()
CVSS 7.5
CVE-2025-24667
CRITICAL
Eniture Technology Small Package Quotes - SQL Injection
CVSS 9.3
CVE-2025-24665
CRITICAL
Eniture Technology Small Package Quotes - Unishippers Edition <2.4....
CVSS 9.3
CVE-2025-24664
CRITICAL
Eniture Technology LTL Freight Quotes - SQL Injection
CVSS 9.3
CVE-2025-24612
CRITICAL
MORKVA Shipping <1.19.6 - SQL Injection
CVSS 9.3
CVE-2025-24728
HIGH
Yannick Lefebvre Bug Library <2.1.4 - SQL Injection
CVSS 8.5
CVE-2025-24683
HIGH
WPChill RSVP & Event Mgmt <2.7.14 - SQL Injection
CVSS 7.6
CVE-2025-24672
HIGH
CodePeople Form Builder CP <1.2.41 - SQL Injection
CVSS 8.5
CVE-2025-24669
HIGH
SERPed.net <= 4.4 - SQL Injection
CVSS 8.5
CVE-2025-24663
HIGH
Simple Download Monitor <= 3.9.25 - Blind SQL Injection
CVSS 7.6
CVE-2025-24659
HIGH
WordPress Download Manager Premium <5.9.6 - SQL Injection
CVSS 7.6
CVE-2025-24587
HIGH
I Thirteen Web Solution Email Subscription Popup <1.2.23 - SQL Inje...
CVSS 7.6
CVE-2025-0701
MEDIUM
JoeyBling bootplus < 2020-08-24 - SQL Injection via /admin/sys/user/list sort Parameter
CVSS 6.3
CVE-2025-0700
MEDIUM
JoeyBling bootplus < 247d5f6 - SQL Injection via /admin/sys/log/list logId Parameter
CVSS 6.3
CVE-2025-0699
MEDIUM
JoeyBling bootplus - SQL Injection via /admin/sys/role/list Sort Parameter
CVSS 6.3
CVE-2025-0698
MEDIUM
bootplus < 2020-08-24 - SQL Injection via sort/order Parameter
CVSS 6.3
CVE-2025-23931
CRITICAL
WordPress Local SEO <2.3 - SQL Injection
CVSS 9.3
CVE-2025-23910
HIGH
Menus Plus+ <= 1.9.6 - SQL Injection
CVSS 8.5
CVE-2025-23784
HIGH
Contact Form 7 Round Robin Lead Distribution <1.2.1 - SQL Injection
CVSS 7.6
CVE-2025-22980
MEDIUM
Senayan Library Management System SLiMS 9 Bulian 9.6.1 - SQL Injection via tempLoanID Parameter
CVSS 6.7
CVE-2025-22716
HIGH
taskbuilder <= 3.0.6 - SQL Injection
CVSS 8.5
CVE-2025-22710
HIGH
StoreApps Smart Manager <8.52.0 - SQL Injection
CVSS 7.6