CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,652 vulnerabilities with CWE-89
CVE ID          Severity  CVSS  Title
CVE-2025-0198   MEDIUM    6.3   code-projects Point of Sales - SQL Injection
CVE-2025-0197   MEDIUM    6.3   Point of Sales and Inventory Management System 1.0 - SQL Injection via Search Name Parameter
CVE-2025-0196   MEDIUM    6.3   code-projects Point of Sales - SQL Injection
CVE-2025-0195   MEDIUM    6.3   Point of Sales and Inventory Management System 1.0 - SQL Injection via /user/del_product.php id Parameter
CVE-2025-0176   MEDIUM    6.3   Point of Sales and Inventory Management System 1.0 - SQL Injection via id/qty Parameter
CVE-2025-0174   MEDIUM    6.3   code-projects Point of Sales - SQL Injection
CVE-2025-0173   MEDIUM    6.3   SourceCodester Online Eyewear Shop 1.0 - SQL Injection
CVE-2025-0172   MEDIUM    6.3   code-projects Chat System 1.0 - SQL Injection
CVE-2025-0171   MEDIUM    6.3   code-projects Chat System 1.0 - SQL Injection
CVE-2025-22214  MEDIUM    4.3   Landray EIS 2001-2006 - SQL Injection via Message/fi_message_receiver.aspx replyid Parameter
CVE-2025-0168   MEDIUM    6.3   code-projects Job Recruitment 1.0 - SQL Injection
CVE-2024-33722  MEDIUM    6.3   SOPlanning 1.52.00 - Authenticated SQL Injection via projets.php statut[] Parameter
CVE-2024-33288  HIGH      7.3   Prison Management System Using PHP 1.0 - SQL Injection
CVE-2024-46636  CRITICAL  9.4   NASA EOSDIS MODAPS v8.1 - SQL Injection
CVE-2024-36058  CRITICAL  9.8   Koha Library <23.05.10 - SQL Injection
CVE-2024-58341  HIGH      8.2   OpenCart Core 4.0.2.3 - SQL Injection via search Parameter
CVE-2024-14025  MEDIUM    6.7   Video Station <5.8.2 - SQL Injection
CVE-2024-55270  HIGH      8.8   phpgurukul Student Management System 1.0 - SQL Injection
CVE-2024-44065  CRITICAL  9.8   Cloudlog 2.6.15 - Time-based Blind SQL Injection via QSO Results Parameter
CVE-2024-39037  MEDIUM    6.5   MyNET < 26.08.316 - Unauthenticated SQL Injection via intmenu Parameter
CVE-2024-57521  CRITICAL  10.0  RuoYi < 4.7.9 - SQL Injection via SqlUtil.java createTable Function
CVE-2024-58316  HIGH      7.5   Online Shopping System Advanced 1.0 - SQL Injection via Payment Success Parameter
CVE-2024-58309  CRITICAL  9.8   xbtitFM 4.1.18 - Unauthenticated SQL Injection via msgid Parameter
CVE-2024-58308  CRITICAL  9.8   Quick.CMS 6.7 - Unauthenticated SQL Injection via Login Form
CVE-2024-58307  HIGH      8.8   CSZCMS 1.3.0 - Authenticated SQL Injection via Members View Parameter