CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
High likelihood
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,515 vulnerabilities with CWE-89
CVE-2025-15210
MEDIUM
Refugee Food Management System 1.0 - SQL Injection via editrefugee.php Argument
CVSS 6.3
CVE-2025-15209
MEDIUM
Refugee Food Management System 1.0 - SQL Injection via editfood.php Parameter Manipulation
CVSS 6.3
CVE-2025-15208
HIGH
Refugee Food Management System 1.0 - SQL Injection via rfid Parameter in editrefugee.php
CVSS 7.3
CVE-2025-15207
HIGH
Campcodes Supplier Management System 1.0 - SQL Injection via chkId[] Parameter
CVSS 7.3
CVE-2025-15206
HIGH
Campcodes Supplier Management System 1.0 - SQL Injection via txtAreaCode Parameter
CVSS 7.3
CVE-2025-15205
MEDIUM
Student File Management System 1.0 - SQL Injection via download.php istore_id Parameter
CVSS 6.3
CVE-2025-67255
HIGH
Nagios XI 2026R1.0.1 - Authenticated SQL Injection via Dashboard Parameters
CVSS 8.8
CVE-2025-15198
HIGH
College Notes Uploading System 1.0 - SQL Injection via User Parameter in login.php
CVSS 7.3
CVE-2025-15196
HIGH
code-projects Assessment Management 1.0 - SQL Injection via login.php userid Parameter
CVSS 7.3
CVE-2025-15195
HIGH
code-projects Assessment Management 1.0 - SQL Injection via linked[] Parameter
CVSS 7.3
CVE-2025-15186
HIGH
Refugee Food Management System 1.0 - SQL Injection via /home/addusers.php a Parameter
CVSS 7.3
CVE-2025-15185
HIGH
Refugee Food Management System 1.0 - SQL Injection via 'a' Parameter in /home/refugeesreport.php
CVSS 7.3
CVE-2025-15184
HIGH
Refugee Food Management System 1.0 - SQL Injection via 'a' Parameter in refugeesreport2.php
CVSS 7.3
CVE-2025-15183
HIGH
Refugee Food Management System 1.0 - SQL Injection via tfid Parameter
CVSS 7.3
CVE-2025-15182
HIGH
Refugee Food Management System 1.0 - SQL Injection via refNo Parameter
CVSS 7.3
CVE-2025-15181
HIGH
Refugee Food Management System 1.0 - SQL Injection via rfid Parameter in pagenateRefugeesList.php
CVSS 7.3
CVE-2025-15169
MEDIUM
BiggiDroid Simple PHP CMS 1.0 - SQL Injection via /admin/editsite.php ID Parameter
CVSS 4.7
CVE-2025-15168
HIGH
itsourcecode Student Management System 1.0 - SQL Injection via statistical.php ID Parameter
CVSS 7.3
CVE-2025-15167
HIGH
Online Cake Ordering System 1.0 - SQL Injection via detailtransac.php ID Parameter
CVSS 7.3
CVE-2025-15166
HIGH
Online Cake Ordering System 1.0 - SQL Injection via /updatesupplier.php ID Parameter
CVSS 7.3
CVE-2025-15165
HIGH
Online Cake Ordering System 1.0 - SQL Injection via /updatecustomer.php ID Parameter
CVSS 7.3
CVE-2025-15143
MEDIUM
EyouCMS < 1.7.6 - SQL Injection via FilemanagerLogic.php Content Argument
CVSS 4.7
CVE-2025-15142
HIGH
phpok3w < 901d96a06809fb28b17f3a4362c59e70411c933c - SQL Injection via ID Parameter in show.php
CVSS 7.3
CVE-2025-15140
HIGH
saiftheboss7 onlinemcqexam <0e56806132971e49721db3ef01868098c7b42ad...
CVSS 7.3
CVE-2025-15127
HIGH
FantasticLBP Hotels_Server - SQL Injection
CVSS 7.3
Details
Vulnerabilities: 19,515
Exploit Likelihood: High