Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,492 vulnerabilities with CWE-89

CVE-2026-34018 CRITICAL

CubeCart < 6.6.0 - SQL Injection

CVE-2026-6080 MEDIUM

Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter

CVE-2026-3330 MEDIUM

Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter

CVE-2026-4817 MEDIUM

MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters

CVE-2026-40900 HIGH

DataEase has SQL Injection via Stacked Queries

CVE-2026-33207 HIGH

DataEase SQL Injection Vulnerability

CVE-2026-33122 CRITICAL

DataEase has SQL Injection via Datasource Management

CVE-2026-33121 HIGH

DataEase has SQL Injection via Datasource Save Flow

CVE-2026-33084 HIGH

DataEase has SQL Injection through its getFieldEnumObj Endpoint

CVE-2026-33083 HIGH

DataEase has SQL Injection in Order By Clause

CVE-2026-33082 CRITICAL

DataEase: SQL Injection in v2 Dataset Export

CVE-2026-37347 CRITICAL

SourceCodester Payroll Management and Information System 1.0 - SQL Injection

CVE-2026-37346 MEDIUM

SourceCodester Payroll Management and Information System 1.0 - SQL Injection

CVE-2026-37345 CRITICAL

SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection

CVE-2026-37344 HIGH

SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection

CVE-2026-37343 HIGH

SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection

CVE-2026-37342 HIGH

SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection

CVE-2026-37341 HIGH

SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection

CVE-2026-37340 CRITICAL

Simple Music Cloud Community System 1.0 - SQL Injection

CVE-2026-37339 CRITICAL

Simple Music Cloud Community System 1.0 - SQL Injection

CVE-2026-37338 CRITICAL

Simple Music Cloud Community System 1.0 - SQL Injection

CVE-2026-37337 HIGH

Simple Music Cloud Community System 1.0 - SQL Injection

CVE-2026-37336 HIGH

Simple Music Cloud Community System 1.0 - SQL Injection

CVE-2026-5785 HIGH

ManageEngine PAM360 < 8531 and Password Manager Pro 8600-13230 - Authenticated SQL Injection in Query Report Module

CVE-2026-3489 HIGH

DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages'

Previous Page 25 of 780 Next

Details

Vulnerabilities 19,492

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy