Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,569 vulnerabilities with CWE-89

CVE-2025-62423 MEDIUM

ClipBucket 5.3-5.5.2-140 - Authenticated Blind SQL Injection in Admin Login as User

CVE-2025-60641 MEDIUM

Vfront 0.99.52 - Remote Code Execution via Unsafe Deserialization in mexcel.php

CVE-2025-56700 MEDIUM

Centrax Open PSIM <6.1 - SQL Injection

CVE-2025-56699 MEDIUM

Centrax Open PSIM <6.1 - SQL Injection

CVE-2025-61540 MEDIUM

Ultimate PHP Board 2.2.7 - SQL Injection

CVE-2025-41019 CRITICAL

Sergestec SISTICK <7.2 - SQL Injection

CVE-2025-41018 CRITICAL

Sergestec Exito 8.0 - SQL Injection via cat Parameter

CVE-2025-11365 MEDIUM

WP Google Map Plugin <1.0 - Blind SQL Injection

CVE-2025-11177 HIGH

WordPress External Login <1.11.2 - SQL Injection

CVE-2025-10743 HIGH

Outdoor plugin <1.3.2 - SQL Injection

CVE-2025-10730 MEDIUM

Wp tabber widget plugin <4.0 - SQL Injection

CVE-2025-10682 MEDIUM

TARIFFUXX <= 1.4 - Authenticated SQL Injection via tariffuxx_configurator Shortcode

CVE-2025-10660 MEDIUM

WP Dashboard Chat <1.0.3 - SQL Injection

CVE-2025-10575 MEDIUM

WP jQuery Pager <1.4.0 - SQL Injection

CVE-2025-10310 MEDIUM

Rich Snippet Site Report <2.0.0105 - SQL Injection

CVE-2025-10045 MEDIUM

onOffice for WP-Websites <5.7 - SQL Injection

CVE-2025-11501 HIGH

Dynamically Display Posts <1.2 - SQL Injection

CVE-2025-61675 HIGH

FreePBX endpoint SQLi to RCE

CVE-2025-11736 HIGH

Online Examination System 1.0 - SQL Injection via Username Parameter

CVE-2025-59213 HIGH

Microsoft Configuration Manager SQL Injection (2403<5.00.9128.1035, 2409<5.00.9132.1029, 2503<5.00.9135.1008)

CVE-2025-55320 MEDIUM

Microsoft Configuration Manager - SQL Injection

CVE-2025-10610 CRITICAL

SFS Consulting Information Processing Industry and Foreign Trade In...

CVE-2025-40755 HIGH

SINEC NMS < 4.0 SP1 - Authenticated SQL Injection via getTotalAndFilterCounts Endpoint

CVE-2025-62392 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-62391 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

Previous Page 94 of 783 Next

Details

Vulnerabilities 19,569

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy