CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,652 vulnerabilities with CWE-89
CVE-2025-22710 HIGH
StoreApps Smart Manager <8.52.0 - SQL Injection
CVSS 7.6
CVE-2025-22553 CRITICAL
NotFound Multiple Carousel <2.0 - SQL Injection
CVSS 9.3
CVE-2025-23220 CRITICAL
WeGIA < 3.2.10 - SQL Injection via adicionar_raca.php Endpoint
CVSS 9.8
CVE-2025-23219 CRITICAL
WeGIA < 3.2.10 - SQL Injection via adicionar_cor.php Endpoint
CVSS 9.8
CVE-2025-23218 CRITICAL
WeGIA < 3.2.10 - SQL Injection via adicionar_especie.php Endpoint
CVSS 9.8
CVE-2025-0585 CRITICAL
aenrich a+HRD < 7.5 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2025-0579 HIGH
Shiprocket Module 3/4 - SQL Injection
CVSS 7.3
CVE-2025-0565 HIGH
ZZCMS 2023 - SQL Injection via /index.php id Parameter
CVSS 7.3
CVE-2025-0564 HIGH
Fantasy-Cricket 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0563 MEDIUM
Fantasy-Cricket 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0562 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0561 MEDIUM
itsourcecode Farm Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0558 MEDIUM
TDuckCloud tduck-platform <4.0 - SQL Injection
CVSS 6.3
CVE-2025-0308 HIGH
Ultimate Member <2.9.1 - SQL Injection
CVSS 7.5
CVE-2025-0541 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0540 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0536 MEDIUM
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via attendance_id Parameter
CVSS 6.3
CVE-2025-0535 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0534 HIGH
1000 Projects Campaign Management System Platform 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0533 HIGH
1000 Projects Campaign Management System Platform 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0532 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0531 MEDIUM
code-projects Chat System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0527 HIGH
code-projects Admission Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-23913 HIGH
pankajpragma, rahulpragma WordPress Google Map Professional <1.0 - ...
CVSS 8.5
CVE-2025-23912 HIGH
Typomedia Foundation WordPress Custom Sidebar <2.3 - SQL Injection
CVSS 8.5