CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,545 vulnerabilities with CWE-89
CVE-2025-13210 MEDIUM
itsourcecode Inventory Management System 1.0 - SQL Injection via PROMODEL Parameter
CVSS 4.7
CVE-2025-13208 MEDIUM
FantasticLBP Hotels Server <67b44df162fab26df209bd5d5d542875fcbec1d...
CVSS 6.3
CVE-2025-13203 HIGH
Simple Cafe Ordering System 1.0 - SQL Injection via studentnum Parameter
CVSS 7.3
CVE-2025-13201 HIGH
Simple Cafe Ordering System 1.0 - SQL Injection via Username Parameter in /login.php
CVSS 7.3
CVE-2025-8994 MEDIUM
WP Project Manager <2.6.26 - SQL Injection
CVSS 6.5
CVE-2025-64084 MEDIUM
Cloudlog < 2.7.6 - Authenticated SQL Injection via Gridsquare POST Parameter
CVSS 5.4
CVE-2025-63724 MEDIUM
SVX Portal 2.7A - SQL Injection via admin/update_setings.php
CVSS 6.0
CVE-2025-13172 MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via ID Parameter in /admin/view-member-report.php
CVSS 6.3
CVE-2025-13171 MEDIUM
ZZCMS 2023 - SQL Injection via /admin/wangkan_list.php keyword Parameter
CVSS 6.3
CVE-2025-13170 HIGH
Simple Online Hotel Reservation System 1.0 - SQL Injection via admin/edit_account.php admin_id Parameter
CVSS 7.3
CVE-2025-13169 HIGH
Simple Online Hotel Reservation System 1.0 - SQL Injection via room_id Parameter
CVSS 7.3
CVE-2025-13168 MEDIUM
ury < 0.2.1 - SQL Injection via overrided_past_order_list search_term Parameter
CVSS 6.3
CVE-2025-11981 MEDIUM
WPSchoolPress <2.2.23 - SQL Injection
CVSS 4.9
CVE-2025-13123 MEDIUM
Amttgroup Hibos - Injection
CVSS 6.3
CVE-2025-13122 HIGH
Patients Waiting Area Queue Management System 1.0 - SQL Injection via appointmentID Parameter
CVSS 7.3
CVE-2025-13121 HIGH
cameasy Liketea 1.0.0 - SQL Injection via StoreController API Endpoint
CVSS 7.3
CVE-2025-12620 MEDIUM
Poll Maker <= 6.0.7 - Authenticated SQL Injection via filterbyauthor
CVSS 4.9
CVE-2025-13076 MEDIUM
Responsive Hotel Site 1.0 - SQL Injection via usname Parameter in usersetting.php
CVSS 4.7
CVE-2025-13075 MEDIUM
Responsive Hotel Site 1.0 - SQL Injection via eid Parameter in usersettingdel.php
CVSS 4.7
CVE-2025-13060 HIGH
SourceCodester Survey Application System 1.0 - SQL Injection via view_survey.php ID Parameter
CVSS 7.3
CVE-2025-13059 MEDIUM
SourceCodester Alumni Management System 1.0 - SQL Injection via manage_career.php ID Parameter
CVSS 6.3
CVE-2025-56385 CRITICAL
WellSky Harmony 4.1.0.2.83 - SQL Injection via TXTUSERID Parameter in xmHarmony.asp
CVSS 9.8
CVE-2025-13057 MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via ID Parameter in save_student Action
CVSS 6.3
CVE-2025-64293 HIGH
Golemiq 0 Day Analytics <4.0.0 - SQL Injection
CVSS 7.6
CVE-2025-64280 CRITICAL
CentralSquare Community Development 19.5.7 - SQL Injection via permit_no Field
CVSS 9.8