Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,515 vulnerabilities with CWE-89

CVE-2025-52025 CRITICAL

Aptsys gemscms_backend < 2025-05-28 - SQL Injection via GetServiceByRestaurantID Endpoint

CVE-2025-69180 HIGH

themepassion Ultra Portfolio <=6.7 - SQL Injection

CVE-2025-69045 HIGH

FooEvents for WooCommerce <= 1.20.4 - SQL Injection

CVE-2025-68999 HIGH

HappyMonster Happy Addons <3.20.4 - SQL Injection

CVE-2025-68881 HIGH

Saad Iqbal AppExperts <1.4.5 - SQL Injection

CVE-2025-68857 CRITICAL

ichurakov Paid Downloads <= 3.15 - SQL Injection

CVE-2025-68034 CRITICAL

CleverReach WP <=1.5.22 - SQL Injection

CVE-2025-68017 HIGH

Antideo Email Validator <1.0.10 - SQL Injection

CVE-2025-67945 CRITICAL

MailerLite - WooCommerce <3.1.2 - SQL Injection

CVE-2025-49055 CRITICAL

kamleshyadav WP Lead Capturing Pages <= 2.5 - SQL Injection

CVE-2025-49050 HIGH

kamleshyadav WP Lead Capturing Pages <= 2.5 - SQL Injection

CVE-2025-49049 HIGH

ZoomIt DZS Video Gallery <12.37 - SQL Injection

CVE-2025-36588 HIGH

Dell Unisphere for PowerMax < 9.2.4.19 - Authenticated SQL Injection

CVE-2025-4764 HIGH

Aida Computer Information Technology Inc. Hotel Guest Hotspot <2201...

CVE-2025-27378 HIGH

Altium On-Prem Enterprise Server 7.0.3-7.0.5 - SQL Injection via Inactive Configuration

CVE-2025-67261 MEDIUM

Abacre Retail Point of Sale 14.0.0.396 - Blind SQL Injection via Orders Search Function

CVE-2025-12984 MEDIUM

Advanced Ads - Ad Manager & AdSense <2.0.15 - SQL Injection

CVE-2025-61943 HIGH

AVEVA Process Optimization < 2025 - Authenticated SQL Injection in Captive Historian

CVE-2025-70893 HIGH

PHPGurukul Cyber Cafe Management System 1.0 - Authenticated Time-Based Blind SQL Injection via adminname Parameter

CVE-2025-70892 CRITICAL

Phpgurukul Cyber Cafe Management System 1.0 - SQL Injection via Username Parameter

CVE-2025-66417 HIGH

GLPI 11.0.0-11.0.2 - Unauthenticated SQL Injection via Inventory Endpoint

CVE-2025-67082 MEDIUM

InvoicePlane < 1.6.4 - Authenticated SQL Injection via Report Parameters

CVE-2025-67081 MEDIUM

itflow < 25.06 - Authenticated SQL Injection via Role ID Parameter

CVE-2025-12166 HIGH

Simply Schedule Appointments Booking Plugin <1.6.9.9 - SQL Injection

CVE-2025-37183 HIGH

EdgeConnect SD-WAN Orchestrator - Authenticated SQL Injection

Previous Page 65 of 781 Next

Details

Vulnerabilities 19,515

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy