CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,652 vulnerabilities with CWE-89
CVE-2025-23911 HIGH
Solidres - Hotel Booking <0.9.4 - SQL Injection
CVSS 8.5
CVE-2025-23780 HIGH
AlphaBPO Easy Code Snippets <1.0.2 - SQL Injection
CVSS 7.6
CVE-2025-23779 HIGH
web-mv.de ResAds <2.0.5 - SQL Injection
CVSS 7.6
CVE-2025-0455 CRITICAL
airPASS from NetVision Information - SQL Injection
CVSS 9.8
CVE-2025-22976 HIGH
dingfanzuCMS 1.0 - SQL Injection via checkOrder.php shopId Parameter
CVSS 7.1
CVE-2025-22964 HIGH
DDSN Interactive cm3 Acora CMS 10.1.1 - Unauthenticated Time-Based Blind SQL Injection via Table Parameter
CVSS 8.1
CVE-2025-0491 MEDIUM
Fanli2012 native-php-cms 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0490 MEDIUM
Fanli2012 native-php-cms 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0489 MEDIUM
Fanli2012 native-php-cms 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0488 MEDIUM
Fanli2012 native-php-cms 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0487 MEDIUM
Fanli2012 native-php-cms 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0486 HIGH
Fanli2012 native-php-cms 1.0 - SQL Injection
CVSS 7.3
CVE-2025-22799 HIGH
Vertim Coders Neon <2.1.1 - SQL Injection
CVSS 8.5
CVE-2025-22785 CRITICAL
ComMotion Course Booking System <6.0.5 - SQL Injection
CVSS 9.3
CVE-2025-0462 MEDIUM
Shanghai Lingdang Information Technology Lingdang CRM <= 8.6.0.0 - SQL Injection via searchcontent Parameter
CVSS 6.3
CVE-2025-20620 HIGH
STEALTHONE D220/D340 - SQL Injection
CVSS 7.5
CVE-2025-0063 HIGH
SAP NetWeaver AS ABAP & ABAP Platform - Privilege Escalation
CVSS 8.8
CVE-2025-0410 MEDIUM
liujianview gymxmjpa 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0409 MEDIUM
liujianview gymxmjpa 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0408 MEDIUM
liujianview gymxmjpa 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0407 MEDIUM
liujianview gymxmjpa 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0406 MEDIUM
liujianview gymxmjpa 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0405 MEDIUM
liujianview gymxmjpa 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0404 MEDIUM
liujianview gymxmjpa 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0392 MEDIUM
Guangzhou Huayi Intelligent Technology Jeewms < 2025-01-01 - SQL Injection via datagridGraph Function
CVSS 6.3