CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,545 vulnerabilities with CWE-89
CVE-2025-13323
HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via ID Parameter in listorder.php
CVSS 7.3
CVE-2025-13303
MEDIUM
Courier Management System 1.0 - SQL Injection via Consignment Parameter in /search-edit.php
CVSS 6.3
CVE-2025-13302
MEDIUM
Courier Management System 1.0 - SQL Injection via ManagerName Parameter in add-new-officer.php
CVSS 4.7
CVE-2025-13301
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection via /subject/controller.php
CVSS 7.3
CVE-2025-13300
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection in /settings/controller.php
CVSS 7.3
CVE-2025-13299
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection in /user/controller.php
CVSS 7.3
CVE-2025-13298
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection via Enrollment Controller
CVSS 7.3
CVE-2025-13297
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection in /course/controller.php
CVSS 7.3
CVE-2025-62519
HIGH
phpmyfaq < 4.0.14 - Authenticated SQL Injection in Configuration Update
CVSS 7.2
CVE-2025-13319
HIGH
Digi On-Prem Manager - SQL Injection
CVSS 8.8
CVE-2025-13291
HIGH
Campcodes Supplier Management System 1.0 - SQL Injection via ID Parameter in confirm_order.php
CVSS 7.3
CVE-2025-13290
MEDIUM
Simple Food Ordering System 1.0 - SQL Injection via /saveorder.php ID Parameter
CVSS 6.3
CVE-2025-13289
MEDIUM
Design & Development of Student Database Management System 1.0 - SQL Injection via SubCode Parameter
CVSS 6.3
CVE-2025-13287
MEDIUM
Online Voting System 1.0 - SQL Injection via id/category Parameter
CVSS 6.3
CVE-2025-13286
MEDIUM
Online Voting System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 6.3
CVE-2025-13285
HIGH
Online Voting System 1.0 - SQL Injection via Username Parameter in login.php
CVSS 7.3
CVE-2025-13280
HIGH
CodeAstro Simple Inventory System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2025-13279
MEDIUM
Nero Social Networking Site 1.0 - SQL Injection via Profilefriends.php ID Parameter
CVSS 6.3
CVE-2025-13278
MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via Date Range Parameters
CVSS 6.3
CVE-2025-13277
HIGH
Nero Social Networking Site 1.0 - SQL Injection via /friendsphoto.php ID Parameter
CVSS 7.3
CVE-2025-13276
HIGH
g33kyrash Online-Banking-System - SQL Injection
CVSS 7.3
CVE-2025-13274
MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 6.3
CVE-2025-13273
MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 6.3
CVE-2025-13272
HIGH
Campcodes School Fees Payment Management System 1.0 - SQL Injection via /manage_course.php ID Parameter
CVSS 7.3
CVE-2025-13271
HIGH
Campcodes School Fees Payment Management System 1.0 - SQL Injection via Username Parameter in Login Action
CVSS 7.3