Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,510 vulnerabilities with CWE-89

CVE-2025-61024 HIGH

openlink virtuoso-opensource 7.2.11 - Denial of Service via sqlo_try_in_loop SQL Statement

CVE-2025-61025 HIGH

openlink virtuoso-opensource 7.2.11 - Denial of Service via Crafted SQL Statements

CVE-2025-61022 HIGH

openlink virtuoso-opensource 7.2.11 - Denial of Service via sqlo_tb_col_preds SQL Statement

CVE-2025-61020 HIGH

openlink virtuoso-opensource 7.2.11 - Denial of Service via sqlo_strip_in_join SQL Statement

CVE-2025-61018 HIGH

openlink virtuoso-opensource 7.2.11 - Denial of Service via sqlo_place_dt_set

CVE-2025-66336 HIGH

Apache Doris MCP Server: SQL injection leading the authentication bypass

CVE-2025-59554 CRITICAL

WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability

CVE-2025-69135 HIGH

WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

CVE-2025-15655 HIGH

WordPress School Management plugin <= 93.2.0 - SQL Injection vulnerability

CVE-2025-30028 HIGH

Synology Active Backup For Business - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-36220 MEDIUM

Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

CVE-2025-11024 CRITICAL

SQLi in Akıllı Ticaret's E-Commerce Pack

CVE-2025-53681 HIGH

Fortinet FortiMail - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-6577 CRITICAL

SQLi in Akilli Commerce's E-Commerce Website

CVE-2025-14179 CRITICAL

SQL injection in pdo_firebird via NUL bytes in quoted strings

CVE-2025-68060 HIGH

WordPress Team Member plugin <= 8.5 - SQL Injection vulnerability

CVE-2025-50229 CRITICAL

jizhicms v2.5.4 - SQL Injection in Product Editing Module

CVE-2025-41029 CRITICAL

SQL injection in Zeon Academy Pro by Zeon Global Tech

CVE-2025-66335 MEDIUM

Apache Doris MCP Server: MCP SQL inject

CVE-2025-15625 CRITICAL

Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server

CVE-2025-63029 HIGH

WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

CVE-2025-65135 CRITICAL

School-management-system 1.0 - SQL Injection

CVE-2025-65133 CRITICAL

School Management System 1.0 - SQL Injection

CVE-2025-63939 CRITICAL

Grocery Store Management System 1.0 - SQL Injection

CVE-2025-61848 HIGH

FortiManager and FortiAnalyzer - Authenticated SQL Injection via JSON RPC API

Previous Page 60 of 781 Next

Details

Vulnerabilities 19,510

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy