CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,567 vulnerabilities with CWE-89
CVE-2025-12309
HIGH
Nero Social Networking Site 1.0 - SQL Injection via ID Parameter in friendprofile.php
CVSS 7.3
CVE-2025-12308
HIGH
Nero Social Networking Site 1.0 - SQL Injection via deletemessage.php message_id Parameter
CVSS 7.3
CVE-2025-12307
HIGH
Nero Social Networking Site 1.0 - SQL Injection via ID Parameter in addfriend.php
CVSS 7.3
CVE-2025-12306
HIGH
Nero Social Networking Site 1.0 - SQL Injection via ID Parameter in acceptoffres.php
CVSS 7.3
CVE-2025-61385
CRITICAL
tlocke pg8000 <1.31.4 - SQL Injection
CVSS 9.6
CVE-2025-61247
HIGH
indieka900 online-shopping-system-php 1.0 - SQL Injection
CVSS 8.2
CVE-2025-12294
MEDIUM
SourceCodester Point of Sales 1.0 - SQL Injection via delete_category.php ID Parameter
CVSS 4.7
CVE-2025-12293
HIGH
SourceCodester Point of Sales 1.0 - SQL Injection via Category Parameter in category.php
CVSS 7.3
CVE-2025-12292
HIGH
SourceCodester Point of Sales 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-12287
MEDIUM
Bdtask Wholesale < 2025-10-13 - SQL Injection via Admin Dashboard Edit Profile
CVSS 4.7
CVE-2025-12277
HIGH
Abdullah-Hasan-Sajjad Online-School <f09dda77b4c29aa083ff57f4b1eb99...
CVSS 7.3
CVE-2025-41009
CRITICAL
DRED Virtual Campus - SQL Injection
CVE-2025-12263
MEDIUM
Online Event Judging System 1.0 - SQL Injection via judge_id Parameter in edit_judge.php
CVSS 6.3
CVE-2025-12262
MEDIUM
Online Event Judging System 1.0 - SQL Injection via crit_id Parameter in edit_criteria.php
CVSS 6.3
CVE-2025-12261
MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via ID Parameter in remove-announcement.php
CVSS 6.3
CVE-2025-12257
HIGH
SourceCodester Online Student Result System 1.0 - SQL Injection via ID Parameter in view_result.php
CVSS 7.3
CVE-2025-12256
MEDIUM
Online Event Judging System 1.0 - SQL Injection via contestant_id Parameter
CVSS 6.3
CVE-2025-12255
MEDIUM
Online Event Judging System 1.0 - SQL Injection via fullname Parameter
CVSS 6.3
CVE-2025-12254
MEDIUM
Online Event Judging System 1.0 - SQL Injection via fullname Parameter in add_judge.php
CVSS 6.3
CVE-2025-12253
HIGH
Amttgroup Hibos - Injection
CVSS 7.3
CVE-2025-12252
MEDIUM
Online Event Judging System 1.0 - SQL Injection via /ajax/action.php Content Parameter
CVSS 6.3
CVE-2025-12248
HIGH
CLTPHP 3.0 - SQL Injection via /home/search.html Keyword Parameter
CVSS 7.3
CVE-2025-12243
MEDIUM
Client Details System 1.0 - SQL Injection via ID Parameter in welcome.php
CVSS 6.3
CVE-2025-12242
MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via ID Parameter in check-attendance.php
CVSS 6.3
CVE-2025-12238
MEDIUM
Automated Voting System 1.0 - SQL Injection via Username Parameter in /admin/user.php
CVSS 6.3
Details
Vulnerabilities: 19,567
Exploit Likelihood: High