CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,515 vulnerabilities with CWE-89
CVE-2025-69214 HIGH
OpenSTAManager < 2.9.8 - Authenticated SQL Injection via ajax_select.php Componenti Operation
CVSS 8.8
CVE-2025-15325 MEDIUM
Tanium Discover < 4.10.90 - SQL Injection
CVSS 6.3
CVE-2025-13379 HIGH
IBM Aspera Console 3.4.0-3.4.8 - SQL Injection
CVSS 8.6
CVE-2025-10258 MEDIUM
Infinera DNA < r24.2 - Time-Based SQL Injection
CVSS 6.3
CVE-2025-13192 HIGH
Popup builder with Gamification - SQL Injection
CVSS 8.2
CVE-2025-69215 HIGH
OpenSTAManager < 2.9.8 - SQL Injection in Stampe Module
CVSS 8.8
CVE-2025-69213 HIGH
OpenSTAManager <= 2.9.8 - Authenticated SQL Injection via idanagrafica Parameter
CVSS 8.8
CVE-2025-5329 CRITICAL
Martcode Software Inc. Delta Course Automation through 04022026 <4.02.2026 - SQL Injection
CVSS 9.8
CVE-2025-15268 HIGH
Infility Global <2.14.46 - SQL Injection
CVSS 7.5
CVE-2025-10878 CRITICAL
Fikir Odalari AdminPando < 1.0.1 - Unauthenticated SQL Injection via Login Parameters
CVSS 10.0
CVE-2025-70311 MEDIUM
JEEWMS 1.0 - SQL Injection via id1 and id2 Parameters
CVSS 6.5
CVE-2025-63624 CRITICAL
Shandong Kede Electronics IoT Smart Water Meter Monitoring Platform 1.0 - SQL Injection via imei_list.aspx
CVSS 9.8
CVE-2025-57529 CRITICAL
YouDataSum CPAS Audit Management System <=4.9 - SQL Injection via /cpasList/findArchiveReportByDah
CVSS 9.8
CVE-2025-5319 CRITICAL
DIGITA Efficiency Management System <03022026 - SQL Injection
CVSS 9.8
CVE-2025-8587 HIGH
AKCE Software Technology R&D Industry and Trade Inc. SKSPro <7.01.2...
CVSS 8.6
CVE-2025-69662 HIGH
geopandas < 1.1.2 - SQL Injection via to_postgis() Function
CVSS 8.6
CVE-2025-4686 HIGH
Kodmatic Online Exam and Assessment through 30012026 - SQL Injection
CVSS 8.6
CVE-2025-7714 HIGH
Global Interactive Design Media Software CMS <21072025 - SQL Injection
CVSS 7.5
CVE-2025-15344 MEDIUM
Tanium Asset < 1.28.254 - SQL Injection
CVSS 6.3
CVE-2025-57793 HIGH
Explorance Blue < 8.14.9 - Unauthenticated SQL Injection
CVSS 8.6
CVE-2025-57792 CRITICAL
Explorance Blue < 8.14.9 - Unauthenticated SQL Injection via Web Application Endpoint
CVSS 10.0
CVE-2025-69563 CRITICAL
Mobile Shop Management System 1.0 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2025-69562 CRITICAL
Mobile Shop Management System 1.0 - SQL Injection via userid Parameter
CVSS 9.8
CVE-2025-59473 HIGH
ExpressionEngine 7.0.0-7.5.13 - Authenticated SQL Injection
CVSS 7.2
CVE-2025-14973 MEDIUM
Recipe Card Blocks Lite <3.4.13 - SQL Injection
CVSS 6.8