CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,510 vulnerabilities with CWE-89
CVE-2025-50191 HIGH
Chamilo < 1.11.30 - SQL Injection via POST userFile in hotpotatoes.php
CVSS 7.2
CVE-2025-50190 CRITICAL
Chamilo < 1.11.30 - SQL Injection via GET openid.assoc_handle Parameter
CVSS 9.8
CVE-2025-50189 HIGH
Chamilo LMS < 1.11.30 - SQL Injection via POST resource[document] Parameter
CVSS 8.8
CVE-2025-50188 HIGH
Chamilo LMS < 1.11.30 - SQL Injection via GET Value Parameter
CVSS 7.2
CVE-2025-12462 CRITICAL
DobryCMS <8.0 - Blind SQL Injection
CVE-2025-30062 MEDIUM
CheckUnitCodeAndKey.pl - SQL Injection
CVE-2025-10350 HIGH
CGM NETRAAD < 7.9.0 - SQL Injection via Imageserver C-FIND Query Processing
CVE-2025-13673 HIGH
Tutor LMS < 3.9.6 - Unauthenticated SQL Injection via Coupon Code Parameter
CVSS 7.5
CVE-2025-15498 CRITICAL
Pro3W CMS 1.2.0 - Unauthenticated SQL Injection via Login Form
CVE-2025-11252 CRITICAL
Windesk.Fm through 27022026 - SQL Injection
CVSS 9.8
CVE-2025-11251 CRITICAL
Dayneks E-Commerce Platform <27022026 - SQL Injection
CVSS 9.8
CVE-2025-11165 CRITICAL
dotcms < 24.12.27 - Authenticated Remote Code Execution via Velocity Scripting Engine Sandbox Escape
CVSS 9.9
CVE-2025-41002 CRITICAL
Infoticketing - Unauthenticated SQL Injection via 'code' Parameter in cartApplyDiscount.php
CVE-2025-69366 CRITICAL
Emerce Core <= 1.8 - Blind SQL Injection
CVSS 9.3
CVE-2025-69365 CRITICAL
Uroan Core <= 1.4.4 - Blind SQL Injection
CVSS 9.3
CVE-2025-69337 CRITICAL
Wolmart Core <=1.9.6 - SQL Injection
CVSS 9.3
CVE-2025-69310 CRITICAL
Woodly Core <= 1.4 - Blind SQL Injection
CVSS 9.3
CVE-2025-69309 CRITICAL
Saasplate Core <=1.2.8 - SQL Injection
CVSS 9.3
CVE-2025-69308 CRITICAL
Nestbyte Core <=1.2 - SQL Injection
CVSS 9.3
CVE-2025-69307 CRITICAL
Medinik Core <=1.3.6 - SQL Injection
CVSS 9.3
CVE-2025-69306 CRITICAL
Electio Core <= 1.4 - Blind SQL Injection
CVSS 9.3
CVE-2025-69305 CRITICAL
Crete Core <= 1.4.3 - Blind SQL Injection
CVSS 9.3
CVE-2025-69304 CRITICAL
Allmart <= 1.1 - Blind SQL Injection
CVSS 9.3
CVE-2025-69295 CRITICAL
Coven Core <= 1.3 - Blind SQL Injection
CVSS 9.3
CVE-2025-67987 HIGH
Quiz And Survey Master <=10.3.1 - SQL Injection
CVSS 8.5