CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,545 vulnerabilities with CWE-89
CVE-2025-64493
MEDIUM
SuiteCRM 8.6.0-8.9.0 - Authenticated Blind SQL Injection via GraphQL API appMetadata Operation
CVSS 6.5
CVE-2025-64492
HIGH
SuiteCRM 8.0.0-8.9.0 - Authenticated Time-Based Blind SQL Injection
CVSS 8.8
CVE-2025-64488
HIGH
SuiteCRM < 7.14.8 and 8.0.0-beta.1-8.9.0 - SQL Injection via Crafted call_id
CVSS 8.8
CVE-2025-63718
MEDIUM
SourceCodester PQMS 1.0 - SQL Injection
CVSS 6.5
CVE-2025-12873
MEDIUM
Campcodes School File Management 1.0 - SQL Injection
CVSS 4.7
CVE-2025-63689
CRITICAL
ycf1998 money-pos < 2025-09-14 - SQL Injection via orderby Parameter
CVSS 10.0
CVE-2025-52425
CRITICAL
QuMagie >= 2.6.0 < 2.7.0 - SQL Injection
CVSS 9.8
CVE-2025-12861
MEDIUM
DedeBIZ < 6.3.2 - SQL Injection via /admin/spec_add.php flags[] Parameter
CVSS 4.7
CVE-2025-12860
MEDIUM
DedeBIZ < 6.3.2 - SQL Injection via /admin/freelist_main.php orderby Parameter
CVSS 4.7
CVE-2025-12859
MEDIUM
DedeBIZ < 6.3.2 - SQL Injection via /admin/templets_one_edit.php ids Parameter
CVSS 4.7
CVE-2025-12857
MEDIUM
Responsive Hotel Site 1.0 - SQL Injection
CVSS 4.7
CVE-2025-12856
MEDIUM
Code-projects Responsive Hotel Site 1.0 - SQL Injection
CVSS 4.7
CVE-2025-12855
MEDIUM
Responsive Hotel Site 1.0 - SQL Injection
CVSS 4.7
CVE-2025-12853
MEDIUM
SourceCodester Best House Rental Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2025-10968
HIGH
PaperWork <6.1.0.9398 - SQL Injection
CVSS 8.8
CVE-2025-10870
CRITICAL
DIAL's CentrosNet <v2.64 - SQL Injection
CVE-2025-34247
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Authenticated SQL Injection via NetworksController Datatable Search
CVSS 6.5
CVE-2025-34246
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Authenticated SQL Injection via AjaxPrevalidationController
CVSS 6.5
CVE-2025-34245
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Authenticated SQL Injection via Datatable Search Parameters
CVSS 6.5
CVE-2025-34244
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Authenticated SQL Injection via Datatable Search Parameters
CVSS 6.5
CVE-2025-34243
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Authenticated SQL Injection via Datatable Search Parameters
CVSS 6.5
CVE-2025-34242
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Authenticated SQL Injection via AjaxNetworkController Datatable Search
CVSS 6.5
CVE-2025-34241
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Authenticated SQL Injection via AjaxDeviceController.ajaxDeviceAction
CVSS 6.5
CVE-2025-34240
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Authenticated SQL Injection via AppManagementController.appUpgradeAction
CVSS 6.5
CVE-2025-60239
HIGH
CoSchool LMS <1.4.3 - SQL Injection
CVSS 8.5
Details
Vulnerabilities
19,545
Exploit Likelihood
High