Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,567 vulnerabilities with CWE-89

CVE-2025-12237 HIGH

projectworlds Advanced Library Management System 1.0 - SQL Injection via /index.php keywords Parameter

CVE-2025-12226 MEDIUM

Best House Rental Management System 1.0 - SQL Injection via house_no Parameter in save_house Function

CVE-2025-12215 HIGH

projectworlds Online Shopping System 1.0 - SQL Injection via /login_submit.php Keywords Parameter

CVE-2025-12208 HIGH

Best House Rental Management System 1.0 - SQL Injection via Username Parameter in admin_class.php

CVE-2025-8709 HIGH

langgraph-checkpoint-sqlite 2.0.10 - SQL Injection via Filter Operator Handling

CVE-2025-9322 HIGH

Stripe Payment Forms <8.3.1 - SQL Injection

CVE-2025-8416 HIGH

Product Filter by WBW <2.9.7 - SQL Injection

CVE-2025-4203 HIGH

wpForo Forum <2.4.8 - SQL Injection

CVE-2025-11893 MEDIUM

Charitable - Donation Plugin <1.8.8.4 - SQL Injection

CVE-2025-8536 CRITICAL

DobryCMS < 3.0 - SQL Injection via Language Functionality

CVE-2025-11253 CRITICAL

Aksis Technology Inc. Netty ERP <V.1.1000 - SQL Injection

CVE-2025-10748 MEDIUM

RapidResult < 1.2 - Authenticated SQL Injection via 's' Parameter

CVE-2025-10740 MEDIUM

WordPress URL Shortener Plugin <3.0.7 - CSRF

CVE-2025-61464 MEDIUM

gnuboard < 4.36.04 - Second-order SQL Injection via search_table in bbs/search.php

CVE-2025-62617 HIGH

Admidio < 4.3.17 - Authenticated SQL Injection in Member Assignment Data Retrieval

CVE-2025-62606 HIGH

my little forum <2.5.12 - Authenticated SQL Injection

CVE-2025-62015 HIGH

Advanced Coupons for WooCommerce Coupons <5 - SQL Injection

CVE-2025-59557 CRITICAL

ThemeMove Learts Addons <1.7.5 - SQL Injection

CVE-2025-57870 CRITICAL

Esri ArcGIS Server 11.3-11.5 - Unauthenticated SQL Injection via Feature Service Operation

CVE-2025-49931 CRITICAL

CrocoBlock JetSearch <3.5.10 - SQL Injection

CVE-2025-49915 CRITICAL

Cozy Vision SMS Alert Order Notifications <3.8.5 - SQL Injection

CVE-2025-49378 HIGH

Themefic Hydra Booking <1.1.10 - SQL Injection

CVE-2025-48091 HIGH

Alexander AnyComment <=0.3.6 - SQL Injection

CVE-2025-10047 MEDIUM

Email Tracker for WordPress <= 5.3.15 - Authenticated SQL Injection via orderby

CVE-2025-61194 MEDIUM

daicuo V1.3.13 - SQL Injection in Builder.php

Previous Page 92 of 783 Next

Details

Vulnerabilities 19,567

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy