CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,545 vulnerabilities with CWE-89
CVE             Severity  CVSS  Title
CVE-2025-13495  MEDIUM    4.9   FluentCart < 1.3.1 - Authenticated SQL Injection via groupKey Parameter
CVE-2025-65380  MEDIUM    6.5   PHPGurukul Billing System 1.0 - SQL Injection via Username Parameter
CVE-2025-65877  HIGH      7.5   Lvzhou CMS <c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 - SQL Injection
CVE-2025-65379  MEDIUM    6.5   PHPGurukul Billing System 1.0 - SQL Injection via Username or Mobileno Parameter
CVE-2025-65896  CRITICAL  9.8   long2ice asyncmy < 0.2.10 - SQL Injection via Crafted Dict Keys
CVE-2025-60736  CRITICAL  9.8   code-projects Online Medicine Guide 1.0 - SQL Injection
CVE-2025-65358  CRITICAL  9.8   edoc-doctor-appointment-system 1.0.1 - SQL Injection via docid Parameter
CVE-2025-13372  MEDIUM    4.3   Django 4.2-4.2.26 5.1-5.1.14 5.2a1-5.2.8 - SQL Injection via FilteredRelation Column Aliases
CVE-2025-41013  CRITICAL  9.8   TCMAN GIM v11 20250304 - SQL Injection via idmant Parameter
CVE-2025-12465  HIGH      n/a   QuickCMS 6.8 - Authenticated Blind SQL Injection via aFilesDelete
CVE-2025-13090  MEDIUM    4.9   WP Directory Kit <1.4.6 - SQL Injection
CVE-2025-13724  HIGH      7.5   VikRentCar Car Rental Management System <1.4.4 - SQL Injection
CVE-2025-12483  MEDIUM    6.5   The Visualizer: Tables and Charts Manager for WordPress <3.11.12 - ...
CVE-2025-13001  MEDIUM    4.1   donations < 1.0 - Authenticated SQL Injection
CVE-2025-13000  HIGH      7.7   db-access < 0.8.7 - Authenticated SQL Injection
CVE-2025-66313  HIGH      7.2   ChurchCRM < 6.2.0 - Time-Based Blind SQL Injection via 1FieldSec Parameter
CVE-2025-66205  HIGH      7.1   Frappe <15.86.0-14.99.2 - SQL Injection
CVE-2025-51683  CRITICAL  9.8   mJobtime 15.7.2 - Unauthenticated Blind SQL Injection via /Default.aspx/update_profile_Server Endpoint
CVE-2025-63535  CRITICAL  9.6   Blood Bank Management System 1.0 - SQL Injection
CVE-2025-63532  CRITICAL  9.6   Blood Bank Management System 1.0 - SQL Injection
CVE-2025-63531  CRITICAL  10.0  Blood Bank Management System 1.0 - SQL Injection
CVE-2025-13811  MEDIUM    6.3   jsnjfz WebStack-Guns 1.0 - SQL Injection via Sort Parameter
CVE-2025-13788  HIGH      7.3   Chanjet CRM < 2025-11-06 - SQL Injection via gblOrgID Parameter in /tools/upgradeattribute.php
CVE-2025-13783  MEDIUM    6.3   wtcms < 2019-12-20 - SQL Injection via CommentadminController ids Parameter
CVE-2025-13782  HIGH      7.3   WTCMS < 2019-12-20 - SQL Injection via SlideController Delete Function