CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,652 vulnerabilities with CWE-89
CVE-2025-0391 MEDIUM
Guangzhou Huayi Intelligent Technology Jeewms < 2025-01-01 - SQL Injection
CVSS 6.3
CVE-2025-0103 HIGH
Palo Alto Networks Expedition - SQL Injection
CVSS 8.8
CVE-2025-21628 CRITICAL
Chatwoot 2.16.1-3.15.9 - Authenticated SQL Injection via Query Operator Parameter
CVSS 9.1
CVE-2025-22542 CRITICAL
Ofek Nakar Virtual Bot <1.0.0 - SQL Injection
CVSS 9.3
CVE-2025-22540 CRITICAL
Sebastian Orellana Emailing Subscription <1.4.1 - SQL Injection
CVSS 9.3
CVE-2025-22537 HIGH
Google Maps Travel Route <1.3.1 - SQL Injection
CVSS 8.5
CVE-2025-22535 HIGH
Jonathan Kern WPListCal <1.3.5 - SQL Injection
CVSS 8.5
CVE-2025-22527 HIGH
Yamna Khawaja Mailing Group Listserv <2.0.9 - SQL Injection
CVSS 7.6
CVE-2025-22505 HIGH
NC Wishlist for Woocommerce <1.0.1 - SQL Injection
CVSS 8.5
CVE-2025-0347 HIGH
code-projects Admission Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0345 MEDIUM
leiyuxi cy-fast 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0344 MEDIUM
leiyuxi cy-fast 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0340 HIGH
Cinema Seat Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0336 MEDIUM
Codezips Project Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0334 MEDIUM
leiyuxi cy-fast 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0333 MEDIUM
leiyuxi cy-fast 1.0 - SQL Injection
CVSS 6.3
CVE-2025-22141 HIGH
WeGIA < 3.2.8 - SQL Injection via cargo Parameter in verificar_recursos_cargo.php Endpoint
CVSS 8.8
CVE-2025-22140 HIGH
WeGIA < 3.2.8 - SQL Injection via id_dependente Parameter
CVSS 8.8
CVE-2025-22350 HIGH
WpIndeed Ultimate Learning Pro <3.9 - SQL Injection
CVSS 7.6
CVE-2025-0300 MEDIUM
code-projects Online Book Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0299 MEDIUM
code-projects Online Book Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2025-22536 HIGH
Hiren Patel WP Music Player <1.3 - SQL Injection
CVSS 7.6
CVE-2025-22533 HIGH
WOOEXIM <= 5.0.0 - SQL Injection
CVSS 7.6
CVE-2025-22519 HIGH
eDoc Easy Tables <1.29 - SQL Injection
CVSS 8.5
CVE-2025-22507 HIGH
WPMU Prefill Post <1.02 - SQL Injection
CVSS 7.6