CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,652 vulnerabilities with CWE-89
CVE-2025-22502 HIGH
MindValley Super PageMash <1.1 - SQL Injection
CVSS 7.6
CVE-2025-0298 MEDIUM
code-projects Online Book Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0297 MEDIUM
code-projects Online Book Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0296 MEDIUM
code-projects Online Book Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0294 MEDIUM
Home Clean Services Management System 1.0 - SQL Injection via process.php Type/Length/Business Parameter
CVSS 4.7
CVE-2025-22352 HIGH
ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes - SQL Injection
CVSS 7.6
CVE-2025-22351 HIGH
PenguinArts Contact Form 7 Database - SQL Injection
CVSS 7.6
CVE-2025-22349 HIGH
Owen Cutajar & Hyder Jaffari WordPress Auction Plugin <3.7 - SQL In...
CVSS 7.6
CVE-2025-22348 HIGH
RTO GmbH DynamicTags <1.4.0 - SQL Injection
CVSS 8.5
CVE-2025-0233 HIGH
Codezips Project Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0232 MEDIUM
Codezips Blood Bank Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0231 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0230 MEDIUM
Responsive Hotel Site 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0229 MEDIUM
Travel Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0214 MEDIUM
TMD Custom Header Menu 4.0.0.1 - SQL Injection
CVSS 4.1
CVE-2025-0212 MEDIUM
Campcodes Student Grading System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0210 HIGH
Campcodes School Faculty Scheduling System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0208 MEDIUM
code-projects Online Shoe Store 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0207 HIGH
code-projects Online Shoe Store 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0205 MEDIUM
code-projects Online Shoe Store 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0204 MEDIUM
code-projects Online Shoe Store 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0203 MEDIUM
code-projects Student Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0201 MEDIUM
Point of Sales and Inventory Management System 1.0 - SQL Injection via Username Parameter
CVSS 6.3
CVE-2025-0200 MEDIUM
Point of Sales and Inventory Management System 1.0 - SQL Injection via Search Parameter
CVSS 6.3
CVE-2025-0199 MEDIUM
Point of Sales and Inventory Management System 1.0 - SQL Injection via /user/minus_cart.php id Parameter
CVSS 6.3