Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,410 vulnerabilities with CWE-89

CVE-2026-39110 HIGH

Apartment Visitors Management System V1.1 - SQL Injection

CVE-2026-39109 CRITICAL

Apartment Visitors Management System 1.1 - SQL Injection

CVE-2026-6629 HIGH

Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection

CVE-2026-6628 MEDIUM

phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection

CVE-2026-5964 CRITICAL

Digiwin｜EasyFlow .NET - SQL Injection

CVE-2026-5963 CRITICAL

Digiwin｜EasyFlow .NET - SQL Injection

CVE-2026-6595 HIGH

ProjectsAndPrograms School Management System HTTP GET Parameter buslocation.php sql injection

CVE-2026-6562 HIGH

dameng100 muucmf index.html getListByPage sql injection

CVE-2026-40482 HIGH

ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}`

CVE-2026-40285 HIGH

WeGIA has SQL Injection via Session Variable Override in DespachoControle.php

CVE-2026-37749 CRITICAL

Simple Attendance Management System 1.0 - SQL Injection

CVE-2026-6490 HIGH

QueryMine sms GET Request Parameter deletecourse.php sql injection

CVE-2026-6488 MEDIUM

QueryMine sms GET Request Parameter editcourse.php sql injection

CVE-2026-34018 CRITICAL

CubeCart < 6.6.0 - SQL Injection

CVE-2026-6080 MEDIUM

Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter

CVE-2026-3330 MEDIUM

Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter

CVE-2026-4817 MEDIUM

MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters

CVE-2026-40900 HIGH

DataEase has SQL Injection via Stacked Queries

CVE-2026-33207 HIGH

DataEase SQL Injection Vulnerability

CVE-2026-33122 CRITICAL

DataEase has SQL Injection via Datasource Management

CVE-2026-33121 HIGH

DataEase has SQL Injection via Datasource Save Flow

CVE-2026-33084 HIGH

DataEase has SQL Injection through its getFieldEnumObj Endpoint

CVE-2026-33083 HIGH

DataEase has SQL Injection in Order By Clause

CVE-2026-33082 CRITICAL

DataEase: SQL Injection in v2 Dataset Export

CVE-2026-37347 CRITICAL

SourceCodester Payroll Management and Information System 1.0 - SQL Injection

Previous Page 23 of 777 Next

Details

Vulnerabilities 19,410

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy