CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,510 vulnerabilities with CWE-89
CVE-2026-1545 HIGH
itsourcecode School Management System 1.0 - SQL Injection via /course/index.php ID Parameter
CVSS 7.3
CVE-2026-1535 HIGH
Online Music Site 1.0 - SQL Injection via AdminReply.php ID Argument
CVSS 7.3
CVE-2026-1534 HIGH
Online Music Site 1.0 - SQL Injection via AdminEditUser.php ID Parameter
CVSS 7.3
CVE-2026-1533 MEDIUM
Online Music Site 1.0 - SQL Injection in AdminAddCategory.php
CVSS 4.7
CVE-2026-22243 HIGH
EGroupware < 23.1.20260113 - Authenticated SQL Injection via Nextmatch Filter Processing
CVSS 8.8
CVE-2026-0702 HIGH
VidShop - Shoppable Videos for WooCommerce <1.1.4 - SQL Injection
CVSS 7.5
CVE-2026-1483 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_usuario Parameter
CVSS 7.5
CVE-2026-1482 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_evaluacion Parameter
CVSS 7.5
CVE-2026-1481 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_usuario Parameter
CVSS 7.5
CVE-2026-1480 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_usuario Parameter
CVSS 7.5
CVE-2026-1479 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_usuario and Id_evaluacion Parameters
CVSS 7.5
CVE-2026-1478 HIGH
Quatuor Evaluación de Desempeño - Out-of-Band SQL Injection via Id_usuario and Id_evaluacion Parameters
CVSS 7.5
CVE-2026-1477 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_usuario and Id_evaluacion Parameters
CVSS 7.5
CVE-2026-1476 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_usuario Parameter
CVSS 7.5
CVE-2026-1475 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_usuario Parameter
CVSS 7.5
CVE-2026-1474 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_usuario and Id_evaluacion Parameters
CVSS 7.5
CVE-2026-1473 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via Id_usuario Parameter
CVSS 7.5
CVE-2026-1472 HIGH
quatuor evaluacion_de_desempeno - Out-of-Band SQL Injection via txAny Parameter
CVSS 7.5
CVE-2026-1449 HIGH
Hisense TransTech Smart Bus Management System <20260113 - SQL Injec...
CVSS 7.3
CVE-2026-1443 HIGH
Online Music Site 1.0 - SQL Injection via AdminDeleteUser.php ID Parameter
CVSS 7.3
CVE-2026-1422 HIGH
Online Examination System 1.0 - SQL Injection via User Parameter in Login Page
CVSS 7.3
CVE-2026-0806 MEDIUM
WP-ClanWars <= 2.0.1 - Authenticated SQL Injection via Orderby Parameter
CVSS 4.9
CVE-2026-24624 HIGH
saeros1984 Neoforum <=1.0.0 - SQL Injection
CVSS 7.6
CVE-2026-24572 HIGH
Nelio Content <4.1.0 - SQL Injection
CVSS 8.5
CVE-2026-0603 HIGH
Red Hat AMQ Broker 7 - SQL Injection via InlineIdsOrClauseBuilder ID Column
CVSS 8.3
Details
Vulnerabilities 19,510
Exploit Likelihood High