CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
18,856 vulnerabilities with CWE-89
CVE-2026-6148
HIGH
code-projects Vehicle Showroom Management System MonthTotalReportUpdateFunction.php sql injection
CVSS 7.3
CVE-2026-6142
HIGH
tushar-2223 Hotel Management System roomdelete.php sql injection
CVSS 7.3
CVE-2026-5207
MEDIUM
LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter
CVSS 6.5
CVE-2026-36236
CRITICAL
SourceCodester Engineers Online Portal 1.0 - SQL Injection
CVSS 9.8
CVE-2026-36235
CRITICAL
Online Student Enrollment System 1.0 - SQL Injection
CVSS 9.8
CVE-2026-36234
CRITICAL
Online Student Enrollment System 1.0 - SQL Injection
CVSS 9.8
CVE-2026-36233
CRITICAL
Online Student Enrollment System 1.0 - SQL Injection
CVSS 9.8
CVE-2026-36232
CRITICAL
Online Student Enrollment System 1.0 - SQL Injection
CVSS 9.8
CVE-2026-29861
CRITICAL
PHP-MYSQL-User-Login-System 1.0 - SQL Injection
CVSS 9.8
CVE-2026-23780
HIGH
BMC Control-M/MFT 9.0.20-9.0.22 - SQL Injection
CVSS 8.8
CVE-2026-6038
HIGH
code-projects Vehicle Showroom Management System RegisterCustomerFunction.php sql injection
CVSS 7.3
CVE-2026-6037
HIGH
code-projects Vehicle Showroom Management System AddVehicleFunction.php sql injection
CVSS 7.3
CVE-2026-6036
HIGH
code-projects Vehicle Showroom Management System VehicleDetailsFunction.php sql injection
CVSS 7.3
CVE-2026-6033
MEDIUM
CodeAstro Online Classroom updatedetailsfromstudent.php sql injection
CVSS 6.3
CVE-2026-6031
HIGH
code-projects Simple IT Discussion Forum add-category-function.php sql injection
CVSS 7.3
CVE-2026-6030
MEDIUM
itsourcecode Construction Management System del1.php sql injection
CVSS 6.3
CVE-2026-6010
MEDIUM
CodeAstro Online Classroom takeassessment2.php sql injection
CVSS 6.3
CVE-2026-6007
MEDIUM
itsourcecode Construction Management System del.php sql injection
CVSS 6.3
CVE-2026-6006
MEDIUM
code-projects Patient Record Management System edit_hpatient.php sql injection
CVSS 6.3
CVE-2026-6005
MEDIUM
code-projects Patient Record Management System hematology_print.php sql injection
CVSS 6.3
CVE-2026-6004
HIGH
code-projects Simple IT Discussion Forum delete-category.php sql injection
CVSS 7.3
CVE-2026-5985
HIGH
code-projects Simple IT Discussion Forum crud.php sql injection
CVSS 7.3
CVE-2026-5961
HIGH
code-projects Simple IT Discussion Forum topic-details.php sql injection
CVSS 7.3
CVE-2026-4112
ANALYSIS PENDING
Sonicwall SMA1000 - SQL Injection
CVE-2026-34185
HIGH
SQL Injection in Hydrosystem Control System
CVSS 8.8
Details
Vulnerabilities: 18,856
Exploit Likelihood: High