Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,515 vulnerabilities with CWE-89

CVE-2025-61246 CRITICAL

indieka900 online-shopping-system-php 1.0 - SQL Injection

CVE-2025-67928 CRITICAL

themesuite Automotive Listings <18.6 - SQL Injection

CVE-2025-67921 HIGH

VanKarWai Lobo <2.8.6 - SQL Injection

CVE-2025-23993 CRITICAL

RiceTheme Felan Framework <1.1.4 - SQL Injection

CVE-2025-22728 HIGH

AmentoTech Workreap <3.3.6 - SQL Injection

CVE-2025-22713 HIGH

vanquish WooCommerce Orders & Customers Exporter <5.4 - SQL Injection

CVE-2025-32303 CRITICAL

Mojoomla WPCHURCH <2.7.0 - SQL Injection

CVE-2025-69351 HIGH

Shahjahan Jewel Ninja Tables <5.2.4 - SQL Injection

CVE-2025-59379 HIGH

DwyerOmega Isensix Advanced Remote Monitoring System < 1.5.7 - Blind SQL Injection

CVE-2025-9318 MEDIUM

Quiz and Survey Master (QSM) <= 10.3.1 - Authenticated Time-Based SQL Injection

CVE-2025-14153 MEDIUM

Page Expire Popup/Redirection for WordPress <= 1.0 - Authenticated Time-Based SQL Injection via Shortcode ID Attribute

CVE-2025-13652 MEDIUM

CBX Bookmark & Favorite <2.0.4 - SQL Injection

CVE-2025-13409 MEDIUM

Form Vibes - Database Manager for Forms <= 1.4.13 - Authenticated SQL Injection via Params Parameter

CVE-2025-39484 CRITICAL

Waituk Entrada <5.7.7 - SQL Injection

CVE-2025-15029 CRITICAL

Centreon Infra Monitoring 24.04.0-24.04.2, 24.10.0-24.10.2, 25.10.0-25.10.1 - Unauthenticated SQL Injection

CVE-2025-68865 CRITICAL

Infility Global <= 2.15.06 - SQL Injection

CVE-2025-31044 HIGH

AA-Team Premium SEO Pack <3.3.2 - SQL Injection

CVE-2025-30633 CRITICAL

AA-Team Amazon Native Shopping Recommendations <1.3 - SQL Injection

CVE-2025-15239 MEDIUM

QOCA aim < 2.7.6 - Authenticated SQL Injection

CVE-2025-15238 MEDIUM

QOCA aim < 2.7.6 - Authenticated SQL Injection

CVE-2025-15450 MEDIUM

sfturing hosp_order - SQL Injection

CVE-2025-15443 MEDIUM

crmeb < 5.6.1 - SQL Injection via cate_id Parameter in Product Export

CVE-2025-15442 MEDIUM

crmeb < 5.6.1 - SQL Injection via cate_id Parameter in Product List Export

CVE-2025-15439 MEDIUM

Daptin 0.10.3 - SQL Injection via Aggregate API goqu.L Function

CVE-2025-59389 CRITICAL

QNAP Hyper Data Protector < 2.2.4.1 - SQL Injection

Previous Page 67 of 781 Next

Details

Vulnerabilities 19,515

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy