CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,652 vulnerabilities with CWE-89
CVE-2025-0391
MEDIUM
Guangzhou Huayi Intelligent Technology Jeewms < 2025-01-01 - SQL Injection
CVSS 6.3
CVE-2025-0103
HIGH
Palo Alto Networks Expedition - SQL Injection
CVSS 8.8
CVE-2025-21628
CRITICAL
Chatwoot 2.16.1-3.15.9 - Authenticated SQL Injection via Query Operator Parameter
CVSS 9.1
CVE-2025-22542
CRITICAL
Ofek Nakar Virtual Bot <1.0.0 - SQL Injection
CVSS 9.3
CVE-2025-22540
CRITICAL
Sebastian Orellana Emailing Subscription <1.4.1 - SQL Injection
CVSS 9.3
CVE-2025-22537
HIGH
Google Maps Travel Route <1.3.1 - SQL Injection
CVSS 8.5
CVE-2025-22535
HIGH
Jonathan Kern WPListCal <1.3.5 - SQL Injection
CVSS 8.5
CVE-2025-22527
HIGH
Yamna Khawaja Mailing Group Listserv <2.0.9 - SQL Injection
CVSS 7.6
CVE-2025-22505
HIGH
NC Wishlist for Woocommerce <1.0.1 - SQL Injection
CVSS 8.5
CVE-2025-0347
HIGH
code-projects Admission Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0345
MEDIUM
leiyuxi cy-fast 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0344
MEDIUM
leiyuxi cy-fast 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0340
HIGH
Cinema Seat Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0336
MEDIUM
Codezips Project Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0334
MEDIUM
leiyuxi cy-fast 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0333
MEDIUM
leiyuxi cy-fast 1.0 - SQL Injection
CVSS 6.3
CVE-2025-22141
HIGH
WeGIA < 3.2.8 - SQL Injection via cargo Parameter in verificar_recursos_cargo.php Endpoint
CVSS 8.8
CVE-2025-22140
HIGH
WeGIA < 3.2.8 - SQL Injection via id_dependente Parameter
CVSS 8.8
CVE-2025-22350
HIGH
WpIndeed Ultimate Learning Pro <3.9 - SQL Injection
CVSS 7.6
CVE-2025-0300
MEDIUM
code-projects Online Book Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0299
MEDIUM
code-projects Online Book Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2025-22536
HIGH
Hiren Patel WP Music Player <1.3 - SQL Injection
CVSS 7.6
CVE-2025-22533
HIGH
WOOEXIM <= 5.0.0 - SQL Injection
CVSS 7.6
CVE-2025-22519
HIGH
eDoc Easy Tables <1.29 - SQL Injection
CVSS 8.5
CVE-2025-22507
HIGH
WPMU Prefill Post <1.02 - SQL Injection
CVSS 7.6
Details
Vulnerabilities: 19,652
Exploit Likelihood: High