Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,497 vulnerabilities with CWE-89

CVE-2026-31858 HIGH

Craft CMS 5.0.1-5.9.8 - Authenticated SQL Injection via ElementSearchController

CVE-2026-31856 CRITICAL

Parse Server PostgreSQL - SQL Injection

CVE-2026-31840 CRITICAL

Parse Server <9.6.0-alpha.2/8.6.28 - SQL Injection

CVE-2026-3496 HIGH

JetBooking WordPress Plugin <4.0.3 - SQL Injection

CVE-2026-3944 HIGH

itsourcecode University Management System 1.0 - SQL Injection

CVE-2026-1708 HIGH

Appointment Booking Calendar 1.6.9.27 - SQL Injection

CVE-2026-31844 HIGH

Koha Staff Interface - SQL Injection

CVE-2026-3222 HIGH

WP Maps Plugin <4.9.1 - SQL Injection

CVE-2026-2413 HIGH

Ally Web Accessibility & Usability Plugin <=4.0.3 - SQL Injection

CVE-2026-31825 MEDIUM

Sylius SQL Injection via Order Direction Parameter

CVE-2026-30951 HIGH

Sequelize < 6.37.8 - SQL Injection via Unescaped Cast Type in JSON/JSONB Where Clause

CVE-2026-29174 HIGH

Craft Commerce <5.5.3 - SQL Injection

CVE-2026-29172 HIGH

Craft Commerce <4.10.2/5.5.3 - SQL Injection

CVE-2026-3843 CRITICAL

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 - SQL Injection via /php/request.php sql Parameter

CVE-2026-30930 CRITICAL

Glances < 4.5.1 - SQL Injection via TimescaleDB Export Module

CVE-2026-26116 HIGH

Microsoft SQL Server 2016-2025 Authenticated SQL Injection

CVE-2026-27684 MEDIUM

SAP NetWeaver Feedback Notifications Service - Authenticated SQL Injection via User-Controlled Input Fields

CVE-2026-3818 HIGH

Tiandy Easy7 CMS 7.17.0 - SQL Injection

CVE-2026-3806 MEDIUM

janobe Resort Reservation System 1.0 - SQL Injection

CVE-2026-3793 MEDIUM

SourceCodester Sales and Inventory System 1.0 - SQL Injection

CVE-2026-3792 MEDIUM

SourceCodester Sales and Inventory System 1.0 - SQL Injection

CVE-2026-3791 MEDIUM

SourceCodester Sales and Inventory System 1.0 - SQL Injection

CVE-2026-3790 MEDIUM

SourceCodester Sales and Inventory System 1.0 - SQL Injection

CVE-2026-3786 MEDIUM

easycms < 1.6 - SQL Injection via _order Parameter in Request Parameter Handler

CVE-2026-3785 MEDIUM

easycms < 1.6 - SQL Injection via _order Parameter in RbacnodeAction.class.php

Previous Page 44 of 780 Next

Details

Vulnerabilities 19,497

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy