CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,545 vulnerabilities with CWE-89
CVE-2025-13770
MEDIUM
WebITR < 2.1.0.34 - Authenticated SQL Injection
CVSS 6.5
CVE-2025-13769
MEDIUM
WebITR < 2.1.0.34 - Authenticated SQL Injection
CVSS 6.5
CVE-2025-13757
HIGH
Devolutions Server <= 2025.2.20 and <= 2025.3.8 - SQL Injection in Last Usage Logs
CVSS 8.8
CVE-2025-11461
HIGH
Frappe CRM 1.53.1 - SQL Injection in Dashboard Controller
CVSS 8.8
CVE-2025-65236
CRITICAL
OpenCode USSD Gateway OC Release 5 - SQL Injection via Session ID Parameter
CVSS 9.8
CVE-2025-65235
CRITICAL
OpenCode Systems USSD Gateway 6.13.11 - SQL Injection via getSubUsersByProvider ID Parameter
CVSS 9.8
CVE-2025-62728
MEDIUM
Apache Hive 4.1.0-4.1.9 - Authenticated SQL Injection via Thrift API Delete Column Statistics Request
CVSS 5.4
CVE-2025-66260
MEDIUM
DB Electronica Telecomunicazioni Mozart FM Transmitter - SQL Injection via status_sql.php sw1 and sw2 Parameters
CVSS 6.5
CVE-2025-61167
MEDIUM
SIGB PMB 8.0.1.14 - SQL Injection via id and datas Parameters in opac_css/ajax_selector.php
CVSS 6.5
CVE-2025-59369
MEDIUM
ASUS Router 3.0.0.4_386 3.0.0.4_388 3.0.0.6_102 - Authenticated SQL Injection
CVE-2025-13385
MEDIUM
Bookme <= 4.2 - Authenticated Time-Based SQL Injection via filter[status]
CVSS 4.9
CVE-2025-13370
MEDIUM
ProjectList <= 0.3.0 - Authenticated Time-Based SQL Injection via ID Parameter
CVSS 4.9
CVE-2025-10144
MEDIUM
Perfect Brands for WooCommerce <3.6.2 - SQL Injection
CVSS 6.5
CVE-2025-56401
HIGH
ZIRA Group WBRM 7.0 - SQL Injection in referenceLookupsByTableNameAndColumnName
CVSS 7.6
CVE-2025-13586
MEDIUM
Online Student Clearance System 1.0 - SQL Injection via txtconfirm_password Parameter
CVSS 4.7
CVE-2025-13585
HIGH
itsourcecode COVID Tracking System 1.0 - SQL Injection via Login Page Code Parameter
CVSS 7.3
CVE-2025-7402
HIGH
Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <4.95 ...
CVSS 7.5
CVE-2025-13583
HIGH
carmelo question_paper_generator 1.0 - SQL Injection via Fname Parameter in POST Handler
CVSS 7.3
CVE-2025-13582
HIGH
Jonnys Liquor 1.0 - SQL Injection via Product Parameter in GET Parameter Handler
CVSS 7.3
CVE-2025-13581
MEDIUM
itsourcecode Student Information System 1.0 - SQL Injection via schedule_edit1.php schedule_id Parameter
CVSS 6.3
CVE-2025-13580
MEDIUM
code-projects Library System 1.0 - SQL Injection via ID Parameter in mail.php
CVSS 6.3
CVE-2025-13579
MEDIUM
code-projects Library System 1.0 - SQL Injection via /return.php ID Parameter
CVSS 6.3
CVE-2025-13578
HIGH
code-projects Library System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2025-13575
MEDIUM
fabian blog_site 1.0 - SQL Injection via Category Handler name/field
CVSS 6.3
CVE-2025-13572
HIGH
projectworlds Advanced Library Management System 1.0 - SQL Injection via admin_id Parameter in delete_admin.php
CVSS 7.3