Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,569 vulnerabilities with CWE-89

CVE-2025-62390 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-62389 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-62388 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-62387 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-62386 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-62385 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-62384 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-62383 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-62360 HIGH

WeGIA < 3.5.1 - SQL Injection via id_dependente Parameter

CVE-2025-62179 HIGH

WeGIA < 3.5.1 - SQL Injection via CPF Parameter in Funcionario Endpoint

CVE-2025-62177 HIGH

WeGIA < 3.5.1 - SQL Injection via id_funcionario Parameter

CVE-2025-11623 MEDIUM

Ivanti Endpoint Manager < 2024 SU5 - Authenticated SQL Injection

CVE-2025-6919 CRITICAL

Cats Information Technology Software Development Technologies Aykom...

CVE-2025-11668 MEDIUM

Automated Voting System 1.0 - SQL Injection via Password Parameter in /admin/update_user.php

CVE-2025-11667 MEDIUM

Automated Voting System 1.0 - SQL Injection via firstname Parameter

CVE-2025-11664 MEDIUM

Campcodes Online Beauty Parlor Management System 1.0 - SQL Injection via Search Appointment Parameter

CVE-2025-11663 MEDIUM

Campcodes Online Beauty Parlor Management System 1.0 - SQL Injection via /admin/manage-services.php sername Parameter

CVE-2025-11662 HIGH

Best Salon Management System 1.0 - SQL Injection via booking.php serv_id Parameter

CVE-2025-11654 HIGH

yousaf530 Inferno Online Clothing Store - SQL Injection

CVE-2025-11629 MEDIUM

DocSys < 2.02.36 - SQL Injection via getUserList Function

CVE-2025-11628 MEDIUM

jimit105 Project-Online-Shopping-Website <7d892f442bd8a96dd242dbe2b...

CVE-2025-11615 HIGH

Best Salon Management System 1.0 - SQL Injection via ServiceId Parameter

CVE-2025-11614 HIGH

Best Salon Management System 1.0 - SQL Injection via editid Parameter in edit-appointment.php

CVE-2025-11613 MEDIUM

Simple Food Ordering System 1.0 - SQL Injection via cname Parameter in addcategory.php

CVE-2025-11612 MEDIUM

Simple Food Ordering System 1.0 - SQL Injection via Category Parameter in addproduct.php

Previous Page 95 of 783 Next

Details

Vulnerabilities 19,569

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy