CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

18,856 vulnerabilities with CWE-89
CVE-2026-7126 HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7118 MEDIUM
code-projects Employee Management System cancel.php sql injection
CVSS 6.3
CVE-2026-7117 MEDIUM
code-projects Employee Management System approve.php sql injection
CVSS 6.3
CVE-2026-7115 MEDIUM
code-projects Employee Management System delete.php sql injection
CVSS 6.3
CVE-2026-7114 MEDIUM
code-projects Employee Management System edit.php sql injection
CVSS 6.3
CVE-2026-22336 CRITICAL
WordPress Directorist Booking plugin < 3.0.2 - SQL Injection vulnerability
CVSS 9.3
CVE-2026-7088 HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7087 HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7083 MEDIUM
likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection
CVSS 4.7
CVE-2026-7077 HIGH
itsourcecode Courier Management System edit_parcel.php sql injection
CVSS 7.3
CVE-2026-7076 HIGH
itsourcecode Courier Management System edit_branch.php sql injection
CVSS 7.3
CVE-2026-7075 HIGH
itsourcecode Construction Management System locations.php sql injection
CVSS 7.3
CVE-2026-7074 HIGH
itsourcecode Construction Management System execute1.php sql injection
CVSS 7.3
CVE-2026-7073 HIGH
itsourcecode Construction Management System execute.php sql injection
CVSS 7.3
CVE-2026-7072 HIGH
CodePanda Source canteen_management_system login.php sql injection
CVSS 7.3
CVE-2026-7070 HIGH
code-projects Inventory Management System Login sql injection
CVSS 7.3
CVE-2026-7063 HIGH
code-projects Employee Management System Endpoint eprocess.php sql injection
CVSS 7.3
CVE-2026-7060 HIGH
liyupi yu-picture MyBatis-Plus PictureServiceImpl.java PageRequest sql injection
CVSS 7.3
CVE-2026-7028 MEDIUM
CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection
CVSS 4.7
CVE-2026-7023 MEDIUM
ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection
CVSS 6.3
CVE-2026-7002 HIGH
KLiK SocialMediaWebsite Private Message get_message_ajax.php sql injection
CVSS 7.3
CVE-2026-6991 MEDIUM
colinhacks Zod CUID Data Type regexes.ts sql injection
CVSS 6.3
CVE-2026-6982 MEDIUM
star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection
CVSS 6.3
CVE-2026-6978 MEDIUM
JiZhiCMS addcache.html htmlspecialchars_decode sql injection
CVSS 4.7
CVE-2026-41478 CRITICAL
Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
CVSS 9.9