CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,545 vulnerabilities with CWE-89
CVE-2025-13270 MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via ID Parameter in save_course Action
CVSS 6.3
CVE-2025-13269 MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 6.3
CVE-2025-13267 MEDIUM
Dental Clinic Appointment Reservation System 1.0 - SQL Injection via Username/Password Parameter
CVSS 6.3
CVE-2025-13264 MEDIUM
SourceCodester Online Magazine Management System 1.0 - SQL Injection via /view_magazine.php ID Parameter
CVSS 6.3
CVE-2025-13263 MEDIUM
SourceCodester Online Magazine Management System 1.0 - SQL Injection via categories.php c Parameter
CVSS 6.3
CVE-2025-13260 MEDIUM
Campcodes Supplier Management System 1.0 - SQL Injection via cmbProductUnit Parameter
CVSS 6.3
CVE-2025-13259 MEDIUM
Campcodes Supplier Management System 1.0 - SQL Injection via ID Parameter in edit_unit.php
CVSS 6.3
CVE-2025-13257 HIGH
itsourcecode Inventory Management System 1.0 - SQL Injection via ID Parameter in Edit User Page
CVSS 7.3
CVE-2025-13256 MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via borrow.php roll_number Parameter
CVSS 6.3
CVE-2025-13255 MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via book_search.php book_pub/book_title Parameter
CVSS 6.3
CVE-2025-13254 MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via Roll Number Parameter
CVSS 6.3
CVE-2025-13253 MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via Username Parameter in /add_librarian.php
CVSS 6.3
CVE-2025-13251 MEDIUM
datax-web < 2.1.2 - SQL Injection
CVSS 6.3
CVE-2025-13248 HIGH
Patients Waiting Area Queue Management System 1.0 - SQL Injection via appointmentID Parameter
CVSS 7.3
CVE-2025-13247 HIGH
PHPGurukul Tourism Management System 1.0 - SQL Injection via /admin/user-bookings.php uid Parameter
CVSS 7.3
CVE-2025-13243 MEDIUM
code-projects Student Information System 2.0 - SQL Injection via /editprofile.php
CVSS 6.3
CVE-2025-13242 HIGH
Student Information System 2.0 - SQL Injection via /register.php
CVSS 7.3
CVE-2025-13241 HIGH
code-projects Student Information System 2.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-13240 HIGH
Student Information System 2.0 - SQL Injection via searchquery.php s Parameter
CVSS 7.3
CVE-2025-13237 HIGH
itsourcecode Inventory Management System 1.0 - SQL Injection via U_USERNAME Parameter
CVSS 7.3
CVE-2025-12482 HIGH
Amelia plugin <1.2.35 - SQL Injection
CVSS 7.5
CVE-2025-13236 MEDIUM
itsourcecode Inventory Management System 1.0 - SQL Injection via ID Parameter in Edit Product
CVSS 6.3
CVE-2025-13235 HIGH
itsourcecode Inventory Management System 1.0 - SQL Injection via user_email Parameter
CVSS 7.3
CVE-2025-13234 MEDIUM
itsourcecode Inventory Management System 1.0 - SQL Injection via PROID Parameter
CVSS 6.3
CVE-2025-13233 HIGH
itsourcecode Inventory Management System 1.0 - SQL Injection via ID Parameter in /index.php?q=single-item
CVSS 7.3