CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,510 vulnerabilities with CWE-89
CVE-2026-24367 HIGH
shinetheme Traveler < 3.2.8 - SQL Injection
CVSS 8.5
CVE-2026-22470 HIGH
FireStorm Professional Real Estate <2.7.11 - SQL Injection
CVSS 7.6
CVE-2026-1179 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/user_popedom.jsp folderid Parameter
CVSS 7.3
CVE-2026-1178 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/select.jsp folderid Parameter
CVSS 7.3
CVE-2026-1177 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/save_folder.jsp folderid Parameter
CVSS 7.3
CVE-2026-1176 HIGH
itsourcecode School Management System 1.0 - SQL Injection via ID Parameter in subject/index.php
CVSS 7.3
CVE-2026-22850 HIGH
Koko Analytics <2.1.3 - SQL Injection
CVSS 8.3
CVE-2026-1160 HIGH
PHPGurukul Directory Management System 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2026-1159 HIGH
Online Frozen Foods Ordering System 1.0 - SQL Injection via product_name Parameter
CVSS 7.3
CVE-2026-0610 CRITICAL
Devolutions Server 2025.3.1-2025.3.12 - SQL Injection in Remote Sessions
CVSS 9.8
CVE-2026-1133 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/folder.jsp folderid Parameter
CVSS 7.3
CVE-2026-1132 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/edit_folder.jsp folderid Parameter
CVSS 7.3
CVE-2026-1131 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmc/save_catalog.jsp catalogid Parameter
CVSS 7.3
CVE-2026-1130 HIGH
Yonyou KSOA 9.0 - SQL Injection via ID Parameter in worksheet/worksadd_plan.jsp
CVSS 7.3
CVE-2026-1129 HIGH
Yonyou KSOA 9.0 - SQL Injection via /worksheet/worksadd.jsp ID Parameter
CVSS 7.3
CVE-2026-1124 HIGH
Yonyou KSOA 9.0 - SQL Injection via /worksheet/work_report.jsp ID Parameter
CVSS 7.3
CVE-2026-1123 HIGH
Yonyou KSOA 9.0 - SQL Injection via /worksheet/work_mod.jsp ID Parameter
CVSS 7.3
CVE-2026-1122 HIGH
Yonyou KSOA 9.0 - SQL Injection via /worksheet/work_info.jsp ID Parameter
CVSS 7.3
CVE-2026-1121 HIGH
Yonyou KSOA 9.0 - SQL Injection via /worksheet/del_workplan.jsp ID Parameter
CVSS 7.3
CVE-2026-1120 HIGH
Yonyou KSOA 9.0 - SQL Injection via /worksheet/del_work.jsp ID Parameter
CVSS 7.3
CVE-2026-1119 HIGH
Society Management System 1.0 - SQL Injection via activity_id Parameter
CVSS 7.3
CVE-2026-1118 MEDIUM
Society Management System 1.0 - SQL Injection via Title Parameter in add_activity.php
CVSS 6.3
CVE-2026-1105 HIGH
EasyCMS < 1.6 - SQL Injection via _order Parameter in UserAction.class.php
CVSS 7.3
CVE-2026-1059 HIGH
FeMiner warehouse_management_system < 2021-11-15 - SQL Injection via Username Parameter in chkuser.php
CVSS 7.3
CVE-2026-1050 HIGH
risenet-y9boot-support-platform-service - SQL Injection in REST Authenticate Endpoint
CVSS 7.3