CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,515 vulnerabilities with CWE-89
CVE-2025-37182 HIGH
EdgeConnect SD-WAN Orchestrator - Authenticated SQL Injection
CVSS 7.2
CVE-2025-37181 HIGH
EdgeConnect SD-WAN Orchestrator - Authenticated SQL Injection
CVSS 7.2
CVE-2025-66169 MEDIUM
Apache Camel <4.10.8, <4.14.3, <4.17.0 - Cypher Injection
CVSS 5.3
CVE-2025-14770 HIGH
Shipping Rate By Cities <2.0.0 - SQL Injection
CVSS 7.5
CVE-2025-59922 HIGH
Fortinet FortiClientEMS 7.0.0-7.2.10, 7.4.0-7.4.4 - Authenticated SQL Injection via HTTP Requests
CVSS 7.2
CVE-2025-69991 CRITICAL
phpgurukul News Portal Project V4.1 - SQL Injection in check_availablity.php
CVSS 9.8
CVE-2025-13774 HIGH
Progress Flowmon ADS < 12.5.4 - Authenticated SQL Injection
CVSS 8.8
CVE-2025-67146 CRITICAL
GYM-MANAGEMENT-SYSTEM 1.0 - Unauthenticated SQL Injection via Name/ID Parameters
CVSS 9.4
CVE-2025-67147 CRITICAL
Gym-Management-System-PHP 1.0 - SQL Injection
CVSS 9.8
CVE-2025-51567 CRITICAL
kashipara Online Exam System V1.0 - SQL Injection via Profile Update Parameters
CVSS 9.1
CVE-2025-41006 CRITICAL
Imaster's MEMS Events CRM - SQL Injection
CVE-2025-41005 HIGH
Imaster's MEMS Events CRM - SQL Injection
CVE-2025-41004 HIGH
Imaster's Patient Records Management System - SQL Injection
CVE-2025-52694 CRITICAL
Advantech IoT Edge Linux Docker < 2.0.2 - Unauthenticated SQL Injection
CVSS 10.0
CVE-2025-65091 CRITICAL
XWiki Full Calendar Macro < 2.4.5 - SQL Injection
CVSS 10.0
CVE-2025-51626 MEDIUM
pss.sale.com 1.0 - SQL Injection via cancel_order.php id Parameter
CVSS 6.5
CVE-2025-67811 MEDIUM
Area9 Rhapsode 1.47.3 - Authenticated SQL Injection via API Endpoints
CVSS 6.5
CVE-2025-15496 MEDIUM
yshopmall < 1.9.1 - SQL Injection via /api/jobs sort Parameter
CVSS 6.3
CVE-2025-15494 MEDIUM
DocSys < 2.02.37 - SQL Injection via Username Parameter
CVSS 6.3
CVE-2025-15493 MEDIUM
docsys < 2.02.36 - SQL Injection via searchWord Parameter
CVSS 6.3
CVE-2025-67281 MEDIUM
TIM BPM Suite/ TIM FLOW <= 9.1.2 - SQL Injection
CVSS 5.4
CVE-2025-15492 MEDIUM
docsys < 2.02.36 - SQL Injection via searchWord Argument
CVSS 6.3
CVE-2025-14598 CRITICAL
BeeS Software Solutions BET Portal - SQL Injection
CVSS 9.8
CVE-2025-64092 HIGH
Zenitel ICX500 and ICX510 Firmware < 1.4.3.3 - Unauthenticated SQL Injection via GET Request Parameters
CVSS 7.5
CVE-2025-61548 CRITICAL
edu Business Solutions Print Shop Pro WebDesk <19.69 - SQL Injection
CVSS 9.8