Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,515 vulnerabilities with CWE-89

CVE-2025-66947 MEDIUM

krishanmurariji student_management_system 1.0 - SQL Injection via editid GET Parameter

CVE-2025-15088 MEDIUM

ketr JEPaaS <= 7.2.8 - SQL Injection via postilService.loadPostils keyWord Parameter

CVE-2025-15078 HIGH

Student Management System 1.0 - SQL Injection via sy Parameter in list_report.php

CVE-2025-15077 HIGH

itsourcecode Student Management System 1.0 - SQL Injection via form137.php ID Parameter

CVE-2025-15075 HIGH

itsourcecode Student Management System 1.0 - SQL Injection via student_p.php ID Parameter

CVE-2025-15074 HIGH

Online Frozen Foods Ordering System 1.0 - SQL Injection via /customer_details.php

CVE-2025-15073 HIGH

Online Frozen Foods Ordering System 1.0 - SQL Injection via Contact Us Name Parameter

CVE-2025-68914 MEDIUM

Riello UPS NetMan 208 <1.12 - SQL Injection

CVE-2025-68590 HIGH

CRM Perks Integration <1.4.2 - SQL Injection

CVE-2025-68570 HIGH

Captivate Sync <3.2.2 - SQL Injection

CVE-2025-68519 HIGH

BeRocket Brands for WooCommerce <3.8.6.3 - SQL Injection

CVE-2025-68496 HIGH

Syed Balkhi User Feedback <1.10.1 - SQL Injection

CVE-2025-15053 HIGH

Student Information System 1.0 - SQL Injection via Searchbox Parameter

CVE-2025-15049 HIGH

Online Farm System 1.0 - SQL Injection via Username Parameter in addProduct.php

CVE-2025-65354 CRITICAL

PuneethReddyHC event_management 1.0 - SQL Injection via sitem_name POST Parameter

CVE-2025-68561 HIGH

AutomatorWP <= 5.2.4 - SQL Injection

CVE-2025-68550 HIGH

VillaTheme WPBulky <1.1.14 - SQL Injection

CVE-2025-15034 HIGH

itsourcecode Student Management System 1.0 - SQL Injection via /record.php ID Parameter

CVE-2025-12514 HIGH

Centreon Open Tickets 23.10.0-23.10.4, 24.04.0-24.04.5, 24.10.0-24.10.5 - Authenticated SQL Injection

CVE-2025-15014 MEDIUM

loganSite <c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426 - SQL Injection

CVE-2025-15012 HIGH

Refugee Food Management System 1.0 - SQL Injection via 'a' Parameter in /home/home.php

CVE-2025-15011 HIGH

Simple Stock System 1.0 - SQL Injection via uname Parameter in logout.php

CVE-2025-15004 MEDIUM

dedecms < 5.7.118 - SQL Injection via freelist_main.php orderby Parameter

CVE-2025-15003 MEDIUM

SeaCMS < 13.3 - SQL Injection via admin_video.php e_id Parameter

CVE-2025-15002 HIGH

SeaCMS < 13.3 - SQL Injection via Page/Limit Parameter

Previous Page 70 of 781 Next

Details

Vulnerabilities 19,515

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy