Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,396 vulnerabilities with CWE-89

CVE-2026-10811 MEDIUM

itsourcecode Fees Management System receipt.php sql injection

CVE-2026-10809 MEDIUM

itsourcecode Fees Management System manage_user.php sql injection

CVE-2026-10808 MEDIUM

itsourcecode Fees Management System manage_student.php sql injection

CVE-2026-4104 CRITICAL

SQLi in Akmer Informatics' TeknoPass

CVE-2026-49771 HIGH

WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

CVE-2026-8653 MEDIUM

MasterStudy LMS Pro Plus <= 4.8.20 - Authenticated (Instructor+) SQL Injection via 'columns' Parameter

CVE-2026-10704 HIGH

SourceCodester Pizzafy E-Commerce System Administrative Control Panel admin_class_novo.php login sql injection

CVE-2026-10620 HIGH

code-projects Student Admission System index.php sql injection

CVE-2026-5074 MEDIUM

ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

CVE-2026-5073 HIGH

ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

CVE-2026-10608 HIGH

DedeCMS carbuyaction.php RemoveXSS sql injection

CVE-2026-10607 HIGH

DedeCMS flink.php dede_htmlspecialchars sql injection

CVE-2026-10606 HIGH

DedeCMS Feedback feedback.php TrimMsg sql injection

CVE-2026-42684 CRITICAL

WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability

CVE-2026-10568 MEDIUM

itsourcecode Fees Management System manage_payment.php sql injection

CVE-2026-10302 MEDIUM

itsourcecode Fees Management System 1.0 - SQL Injection via manage_fee.php ID Parameter

CVE-2026-25879 CRITICAL

Langroid < 0.63.0 - SQL Injection via LLM Prompt Injection

CVE-2026-24782 HIGH

Kiteworks < 9.3.0 - Authenticated SQL Injection in Secure Data Forms

CVE-2026-10297 MEDIUM

itsourcecode Fees Management System 1.0 - SQL Injection via /manage_course.php ID Parameter

CVE-2026-10296 MEDIUM

Fees Management System 1.0 - SQL Injection via Username Parameter in /ajax.php

CVE-2026-49491 HIGH

Pixa Bank 2.0 - Unauthenticated SQL Injection via 'rib' Parameter in agence-ajax.php

CVE-2026-10290 HIGH

Hotel and Tourism Reservation System 1.0 - SQL Injection via tour.php GET Parameter

CVE-2026-0075 MEDIUM

Android 14-16 Contacts Database - SQL Injection Privilege Escalation

CVE-2026-10286 MEDIUM

CodeAstro Payroll System 1.0 - SQL Injection via emp_id Parameter in /home_employee.php

CVE-2026-45722 HIGH

Nextcloud Tables 0.9.0-0.9.6 and 1.0.0-1.0.1 - Authenticated SQL Injection in ORDER BY Statement

Previous Page 5 of 776 Next

Details

Vulnerabilities 19,396

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy