Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,515 vulnerabilities with CWE-89

CVE-2025-14990 HIGH

Complete Online Beauty Parlor Management System 1.0 - SQL Injection via viewid Parameter

CVE-2025-14989 HIGH

Campcodes Complete Online Beauty Parlor Management System 1.0 - SQL Injection via /admin/search-invoices.php

CVE-2025-14968 HIGH

Simple Stock System 1.0 - SQL Injection via Email Parameter in Update Endpoint

CVE-2025-14967 HIGH

Student Management System 1.0 - SQL Injection via school_year Parameter in candidates_report.php

CVE-2025-14966 MEDIUM

fastadmin < 1.6.1.20250430 - SQL Injection via Backend Controller selectpage Function

CVE-2025-14961 HIGH

Simple Blood Donor Management System 1.0 - SQL Injection via campaignname Parameter in /editedcampaign.php

CVE-2025-14960 HIGH

Simple Blood Donor Management System 1.0 - SQL Injection via Name Parameter in editeddonor.php

CVE-2025-14959 HIGH

Simple Stock System 1.0 - SQL Injection via Username Parameter in signup.php

CVE-2025-14952 HIGH

Campcodes Supplier Management System 1.0 - SQL Injection via txtCategoryName Parameter

CVE-2025-14951 HIGH

Scholars Tracking System 1.0 - SQL Injection via post_content Parameter

CVE-2025-14950 HIGH

Scholars Tracking System 1.0 - SQL Injection via /delete_post.php ID Parameter

CVE-2025-14940 HIGH

Scholars Tracking System 1.0 - SQL Injection via /admin/delete_user.php ID Parameter

CVE-2025-14939 MEDIUM

Online Appointment Booking System 1.0 - SQL Injection via Managername Parameter

CVE-2025-14900 MEDIUM

CodeAstro Real Estate Management System 1.0 - SQL Injection via /admin/userdelete.php ID Parameter

CVE-2025-14899 MEDIUM

CodeAstro Real Estate Management System 1.0 - SQL Injection in Administrator Endpoint

CVE-2025-14898 MEDIUM

CodeAstro Real Estate Management System 1.0 - SQL Injection in Administrator Endpoint

CVE-2025-14897 MEDIUM

CodeAstro Real Estate Management System 1.0 - SQL Injection via /admin/useragentdelete.php

CVE-2025-63948 MEDIUM

phpMsAdmin 2.2 - SQL Injection via dbname Parameter

CVE-2025-46268 MEDIUM

Advantech WebAccess/SCADA - SQL Injection

CVE-2025-14877 HIGH

Campcodes Supplier Management System 1.0 - SQL Injection via cmbAreaCode Parameter

CVE-2025-64371 HIGH

shinetheme Traveler <3.2.6 - SQL Injection

CVE-2025-60062 CRITICAL

mmetrodw tPlayer <= 1.2.1.6 - SQL Injection

CVE-2025-58951 CRITICAL

smartcms Advance Seat Reservation Management - SQL Injection

CVE-2025-14314 HIGH

Roxnor PopupKit <2.1.5 - SQL Injection

CVE-2025-14834 MEDIUM

Simple Stock System 1.0 - SQL Injection via Username Parameter in checkuser.php

Previous Page 71 of 781 Next

Details

Vulnerabilities 19,515

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy