CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
18,856 vulnerabilities with CWE-89
CVE-2026-40482
HIGH
ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}`
CVE-2026-40285
HIGH
WeGIA has SQL Injection via Session Variable Override in DespachoControle.php
CVSS 8.8
CVE-2026-37749
CRITICAL
Simple Attendance Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2026-6490
HIGH
QueryMine sms GET Request Parameter deletecourse.php sql injection
CVSS 7.3
CVE-2026-6488
MEDIUM
QueryMine sms GET Request Parameter editcourse.php sql injection
CVSS 6.3
CVE-2026-34018
CRITICAL
CubeCart < prior to 6.6.0 - SQL Injection
CVSS 9.8
CVE-2026-6080
MEDIUM
Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter
CVSS 6.5
CVE-2026-3330
MEDIUM
Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter
CVSS 4.9
CVE-2026-4817
MEDIUM
MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters
CVSS 6.5
CVE-2026-40900
HIGH
DataEase has SQL Injection via Stacked Queries
CVSS 8.8
CVE-2026-33207
HIGH
DataEase SQL Injection Vulnerability
CVSS 8.8
CVE-2026-33122
CRITICAL
DataEase has SQL Injection via Datasource Management
CVSS 9.8
CVE-2026-33121
HIGH
DataEase has SQL Injection via Datasource Save Flow
CVSS 8.8
CVE-2026-33084
HIGH
DataEase has SQL Injection through its getFieldEnumObj Endpoint
CVSS 8.8
CVE-2026-33083
HIGH
DataEase has SQL Injection in Order By Clause
CVSS 8.8
CVE-2026-33082
CRITICAL
DataEase: SQL Injection in v2 Dataset Export
CVSS 9.8
CVE-2026-37347
CRITICAL
SourceCodester Payroll Management and Information System 1.0 - SQL Injection
CVSS 9.1
CVE-2026-37346
MEDIUM
SourceCodester Payroll Management and Information System 1.0 - SQL Injection
CVSS 4.7
CVE-2026-37345
CRITICAL
SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2026-37344
HIGH
SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection
CVSS 7.2
CVE-2026-37343
HIGH
SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection
CVSS 7.2
CVE-2026-37342
HIGH
SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection
CVSS 7.2
CVE-2026-37341
HIGH
SourceCodester Vehicle Parking Area Management System 1.0 - SQL Injection
CVSS 7.2
CVE-2026-37340
CRITICAL
Simple Music Cloud Community System 1.0 - SQL Injection
CVSS 9.8
CVE-2026-37339
CRITICAL
Simple Music Cloud Community System 1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
18,856
Exploit Likelihood
High