CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,652 vulnerabilities with CWE-89
CVE-2025-0198
MEDIUM
code-projects Point of Sales - SQL Injection
CVSS 6.3
CVE-2025-0197
MEDIUM
Point of Sales and Inventory Management System 1.0 - SQL Injection via Search Name Parameter
CVSS 6.3
CVE-2025-0196
MEDIUM
code-projects Point of Sales - SQL Injection
CVSS 6.3
CVE-2025-0195
MEDIUM
Point of Sales and Inventory Management System 1.0 - SQL Injection via /user/del_product.php id Parameter
CVSS 6.3
CVE-2025-0176
MEDIUM
Point of Sales and Inventory Management System 1.0 - SQL Injection via id/qty Parameter
CVSS 6.3
CVE-2025-0174
MEDIUM
code-projects Point of Sales - SQL Injection
CVSS 6.3
CVE-2025-0173
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0172
MEDIUM
code-projects Chat System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0171
MEDIUM
code-projects Chat System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-22214
MEDIUM
Landray EIS 2001-2006 - SQL Injection via Message/fi_message_receiver.aspx replyid Parameter
CVSS 4.3
CVE-2025-0168
MEDIUM
code-projects Job Recruitment 1.0 - SQL Injection
CVSS 6.3
CVE-2024-33722
MEDIUM
SOPlanning 1.52.00 - Authenticated SQL Injection via projets.php statut[] Parameter
CVSS 6.3
CVE-2024-33288
HIGH
Prison Management System Using PHP 1.0 - SQL Injection
CVSS 7.3
CVE-2024-46636
CRITICAL
NASA EOSDIS MODAPS v8.1 - SQL Injection
CVSS 9.4
CVE-2024-36058
CRITICAL
Koha Library <23.05.10 - SQL Injection
CVSS 9.8
CVE-2024-58341
HIGH
OpenCart Core 4.0.2.3 SQL Injection via search Parameter
CVSS 8.2
CVE-2024-14025
MEDIUM
Video Station <5.8.2 - SQL Injection
CVSS 6.7
CVE-2024-55270
HIGH
phpgurukul Student Management System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-44065
CRITICAL
Cloudlog 2.6.15 - Time-based Blind SQL Injection via QSO Results Parameter
CVSS 9.8
CVE-2024-39037
MEDIUM
MyNET < 26.08.316 - Unauthenticated SQL Injection via intmenu Parameter
CVSS 6.5
CVE-2024-57521
CRITICAL
RuoYi < 4.7.9 - SQL Injection via SqlUtil.java createTable Function
CVSS 10.0
CVE-2024-58316
HIGH
Online Shopping System Advanced 1.0 - SQL Injection via Payment Success Parameter
CVSS 7.5
CVE-2024-58309
CRITICAL
xbtitFM 4.1.18 - Unauthenticated SQL Injection via msgid Parameter
CVSS 9.8
CVE-2024-58308
CRITICAL
Quick.CMS 6.7 - Unauthenticated SQL Injection via Login Form
CVSS 9.8
CVE-2024-58307
HIGH
CSZCMS 1.3.0 - Authenticated SQL Injection via Members View Parameter
CVSS 8.8
Details
Vulnerabilities: 19,652
Exploit Likelihood: High