Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,396 vulnerabilities with CWE-89

CVE-2026-8025 CRITICAL

SQLi in MOSK Informatics' CBS Platform

CVE-2026-7486 CRITICAL

SQLi in Netcad's E-İmar

CVE-2026-49741 HIGH

TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework

CVE-2026-10731 CRITICAL

SQL injection in Nemon products

CVE-2026-44744 MEDIUM

SAP S/4HANA - Authenticated SQL Injection in Remote Function Module

CVE-2026-11585 MEDIUM

CodeAstro Student Attendance Management System createClassArms.php sql injection

CVE-2026-11584 MEDIUM

CodeAstro Student Attendance Management System createClass.php edit sql injection

CVE-2026-11583 MEDIUM

CodeAstro Student Attendance Management System createClass.php sql injection

CVE-2026-11582 HIGH

CodeAstro Student Attendance Management System index.php sql injection

CVE-2026-11559 MEDIUM

CodeAstro Payroll System view_account.php sql injection

CVE-2026-11558 MEDIUM

CodeAstro Payroll System home_salary.php sql injection

CVE-2026-11531 HIGH

imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection

CVE-2026-11530 HIGH

imvks786 student_management_system Login index.ph sql injection

CVE-2026-11529 MEDIUM

designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection

CVE-2026-11514 MEDIUM

itsourcecode Hospital Management System addpatient.php sql injection

CVE-2026-11513 MEDIUM

itsourcecode Hospital Management System adminaccount.php sql injection

CVE-2026-11510 MEDIUM

CodeAstro Leave Management System add_leave.php sql injection

CVE-2026-11509 MEDIUM

CodeAstro Leave Management System search_staff_for_updation.php sql injection

CVE-2026-11508 MEDIUM

CodeAstro Leave Management System search_staff_to_assign_pc.php sql injection

CVE-2026-11507 MEDIUM

CodeAstro Leave Management System delete_leave_type.php sql injection

CVE-2026-11506 MEDIUM

CodeAstro Leave Management System search_staff_for_deletion.php sql injection

CVE-2026-11501 HIGH

SourceCodester Hospitals Patient Records Management System Master.php save_patient sql injection

CVE-2026-11495 MEDIUM

CodeAstro Ingredients Stock Management System add_stock.php sql injection

CVE-2026-11490 HIGH

code-projects Online Music Site Search.php sql injection

CVE-2026-11489 HIGH

code-projects Online Music Site AdminDeleteAlbum.php sql injection

Previous Page 3 of 776 Next

Details

Vulnerabilities 19,396

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy