Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,501 vulnerabilities with CWE-89

CVE-2026-2822 MEDIUM

JeecgBoot < 3.9.1 - SQL Injection via Backend Interface

CVE-2026-2821 HIGH

Fujian Smart Platform <7.5 - SQL Injection

CVE-2026-2820 HIGH

Fujian Smart Platform <7.5 - SQL Injection

CVE-2026-26990 HIGH

LibreNMS < 26.2.0 - Authenticated Time-Based Blind SQL Injection via Address Parameter

CVE-2026-26988 CRITICAL

LibreNMS < 26.2.0 - SQL Injection via IPv6 Address Search in ajax_table.php

CVE-2026-26980 CRITICAL

Ghost 3.24.0-6.19.0 - Info Disclosure

CVE-2026-2435 MEDIUM

Tanium Asset 1.32-1.32.179 - SQL Injection

CVE-2026-2409 CRITICAL

Delinea Cloud Suite <25.2 HF1 - SQL Injection

CVE-2026-2232 HIGH

WooCommerce Lite <=4.6.2 - SQL Injection

CVE-2026-1581 HIGH

wpForo Forum <2.4.14 - SQL Injection

CVE-2026-25418 HIGH

Bit Form <= 2.21.10 - SQL Injection

CVE-2026-25378 HIGH

Nelio AB Testing <=8.2.4 - SQL Injection

CVE-2026-23805 HIGH

Media Search Enhanced <=0.9.1 - SQL Injection

CVE-2026-2706 MEDIUM

Patient Record Management System 1.0 - SQL Injection

CVE-2026-2691 HIGH

itsourcecode Event Management 1.0 - SQL Injection

CVE-2026-2690 HIGH

itsourcecode Event Management 1.0 - SQL Injection

CVE-2026-2689 HIGH

itsourcecode Event Management 1.0 - SQL Injection

CVE-2026-0722 MEDIUM

Shield Security <21.0.8 - CSRF & SQL Injection

CVE-2026-2682 MEDIUM

Tsinghua Unigroup EA System <3.2.210802 - SQL Injection

CVE-2026-27179 HIGH

MajorDoMo - Unauthenticated SQL Injection

CVE-2026-2663 MEDIUM

Alixhan xh-admin-backend <=1.7.0 - SQL Injection

CVE-2026-1317 MEDIUM

WP Import Ultimate CSV XML Importer - SQL Injection

CVE-2026-2495 HIGH

WPNakama Plugin <0.6.5 - SQL Injection

CVE-2026-1639 MEDIUM

Taskbuilder WordPress Plugin <5.0.2 - SQL Injection

CVE-2026-2576 HIGH

Business Directory Plugin 6.4.2 - SQL Injection

Previous Page 51 of 781 Next

Details

Vulnerabilities 19,501

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy