CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,497 vulnerabilities with CWE-89
CVE-2026-30881
HIGH
Chamilo LMS: SQL Injection in the statistics AJAX endpoint
CVSS 8.8
CVE-2026-28430
CRITICAL
Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamilo-lms model.ajax.php
CVSS 9.8
CVE-2026-4241
MEDIUM
itsourcecode College Management System time-table.php sql injection
CVSS 6.3
CVE-2026-4238
MEDIUM
itsourcecode College Management System courses.php sql injection
CVSS 4.7
CVE-2026-4237
HIGH
itsourcecode Free Hotel Reservation System index.php sql injection
CVSS 7.3
CVE-2026-4236
HIGH
itsourcecode Online Enrollment System index.php sql injection
CVSS 7.3
CVE-2026-4235
HIGH
itsourcecode Online Enrollment System login.php sql injection
CVSS 7.3
CVE-2026-4234
MEDIUM
SSCMS DDL SitesAddController.Submit.cs sql injection
CVSS 6.3
CVE-2026-4232
HIGH
Tiandy Integrated Management Platform getAuthorityByUserId sql injection
CVSS 7.3
CVE-2026-4230
MEDIUM
vanna-ai vanna Endpoint __init__.py update_sql sql injection
CVSS 6.3
CVE-2026-4229
HIGH
vanna-ai vanna bigquery_vector.py remove_training_data sql injection
CVSS 7.3
CVE-2026-4223
HIGH
itsourcecode Payroll Management System manage_employee.php sql injection
CVSS 7.3
CVE-2026-4190
HIGH
node-api-postgres up to 2.5 - SQL Injection
CVSS 7.3
CVE-2026-4189
MEDIUM
phpipam <= 1.7.4 - SQL Injection via subnetOrdering Parameter
CVSS 4.7
CVE-2026-4173
MEDIUM
CodePhiliaX Chat2DB <=0.3.7 - SQL Injection
CVSS 6.3
CVE-2026-3023
HIGH
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web
CVSS 8.8
CVE-2026-3022
MEDIUM
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web
CVSS 6.5
CVE-2026-3021
MEDIUM
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web
CVSS 6.5
CVE-2026-32628
HIGH
AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter
CVSS 8.8
CVE-2026-32459
HIGH
UpsellWP <= 2.2.4 - Blind SQL Injection
CVSS 7.6
CVE-2026-32458
HIGH
RealMag777 WOLF bulk-editor <=1.0.8.7 - SQL Injection
CVSS 7.6
CVE-2026-32433
HIGH
CP Contact Form with Paypal <=1.3.61 - SQL Injection
CVSS 8.5
CVE-2026-32422
HIGH
WP EasyCart <=5.8.13 - SQL Injection
CVSS 8.5
CVE-2026-32418
HIGH
Meow Gallery <=5.4.4 - SQL Injection
CVSS 7.6
CVE-2026-32399
HIGH
Media Library Assistant <=3.32 - SQL Injection
CVSS 8.5
Details
Vulnerabilities
19,497
Exploit Likelihood
High