Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,396 vulnerabilities with CWE-89

CVE-2026-11488 HIGH

code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection

CVE-2026-11486 HIGH

SourceCodester Class and Exam Timetabling System archive1.php sql injection

CVE-2026-11485 HIGH

SourceCodester Class and Exam Timetabling System archive2.php sql injection

CVE-2026-11484 HIGH

SourceCodester Class and Exam Timetabling System archive3.php sql injection

CVE-2026-11483 HIGH

SourceCodester Class and Exam Timetabling System archive4.php sql injection

CVE-2026-11482 HIGH

SourceCodester Class and Exam Timetabling System archive5.php sql injection

CVE-2026-11480 MEDIUM

Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection

CVE-2026-11475 MEDIUM

Kushan2k student-management-system Certificate Verification Endpoint GradeController.php getStatus sql injection

CVE-2026-11473 MEDIUM

jflyfox jfinal_cms AdvicefeedbackController.java list sql injection

CVE-2026-11472 HIGH

SourceCodester Class and Exam Timetabling System index1.php sql injection

CVE-2026-11471 HIGH

SourceCodester Class and Exam Timetabling System index2.php sql injection

CVE-2026-11456 HIGH

Chanjet CRM HTTP GET Request jxf_dump_systable.php sql injection

CVE-2026-11453 MEDIUM

Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection

CVE-2026-11435 HIGH

Jinher OA nextselectplan.aspx sql injection

CVE-2026-11412 MEDIUM

Jinher OA GetFormSn.aspx sql injection

CVE-2026-9829 MEDIUM

Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter

CVE-2026-8978 MEDIUM

OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter

CVE-2026-6448 MEDIUM

Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters

CVE-2026-45779 CRITICAL

Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise

CVE-2026-11342 HIGH

code-projects Hotel and Tourism Reservation System details.php sql injection

CVE-2026-11334 HIGH

tittuvarghese CollegeManagementSystem fetch.php sql injection

CVE-2026-10877 HIGH

SourceCodester Ship Ferry Ticket Reservation System Admin Login login.php sql injection

CVE-2026-10875 MEDIUM

projectworlds Online Art Gallery Shop Project adminHome.ph sql injection

CVE-2026-10874 MEDIUM

projectworlds Online Art Gallery Shop Project adminHome.php sql injection

CVE-2026-10880 CRITICAL

Unauthenticated SQL Injection in Osnexus Quantastor

Previous Page 4 of 776 Next

Details

Vulnerabilities 19,396

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy