CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,497 vulnerabilities with CWE-89
CVE-2026-3708 HIGH
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3705 HIGH
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3672 MEDIUM
JeecgBoot <= 3.9.1 - SQL Injection via isExistSqlInjectKeyword Function
CVSS 6.3
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVSS 9.9
CVE-2026-2429 MEDIUM
WordPress Community Events <1.5.8 - SQL Injection
CVSS 4.9
CVE-2026-29073 HIGH
SiYuan < 3.6.0 - Authenticated SQL Injection via /api/query/sql
CVSS 8.8
CVE-2026-28438 CRITICAL
CocoIndex < 0.3.34 - SQL Injection via Doris Target Connector Table Name
CVSS 9.8
CVE-2026-28785 CRITICAL
Ghostfolio <2.244.0 - SQL Injection
CVSS 9.8
CVE-2026-27005 CRITICAL
Chartbrew < 4.8.3 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2026-28501 CRITICAL
WWBN AVideo < 24.0 - Unauthenticated SQL Injection via catName Parameter in JSON POST Request
CVSS 9.8
CVE-2026-3616 MEDIUM
DefaultFuction Jeson CRM 1.0.0 - SQL Injection
CVSS 6.3
CVE-2026-29081 MEDIUM
Frappe <14.100.1/15.100.0 - SQL Injection
CVSS 6.5
CVE-2026-28443 CRITICAL
OpenReplay < 1.20.0 - SQL Injection via Cards Search Endpoint
CVSS 9.8
CVE-2026-28284 HIGH
FreePBX <16.0.10/17.0.5 - SQL Injection
CVSS 8.8
CVE-2026-28210 HIGH
FreePBX <16.0.49/17.0.7 - SQL Injection
CVSS 8.8
CVE-2026-2893 MEDIUM
Page and Post Clone 6.3 - SQL Injection
CVSS 6.5
CVE-2026-28115 CRITICAL
WP Attractive Donations System <=1.25 - SQL Injection
CVSS 9.3
CVE-2026-27428 HIGH
Eagle Booking <=1.3.4.3 - SQL Injection
CVSS 8.5
CVE-2026-27373 HIGH
Tablesome <= 1.2.3 - Blind SQL Injection
CVSS 8.5
CVE-2026-3523 MEDIUM
Apocalypse Meow Plugin <22.1.0 - SQL Injection
CVSS 4.9
CVE-2026-20003 MEDIUM
Cisco Secure FMC Software - SQL Injection
CVSS 4.9
CVE-2026-20002 HIGH
Cisco Secure FMC Software - Authenticated SQL Injection
CVSS 8.1
CVE-2026-20001 MEDIUM
Cisco Secure FMC Software - Authenticated SQL Injection via REST API
CVSS 6.5
CVE-2026-2363 MEDIUM
WP-Members Membership Plugin <3.5.5.1 - SQL Injection
CVSS 6.5
CVE-2026-1651 MEDIUM
Email Subscribers by Icegram Express <5.9.16 - SQL Injection
CVSS 6.5