CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,569 vulnerabilities with CWE-89
CVE-2025-11611 MEDIUM
SourceCodester Simple Inventory System 1.0 - SQL Injection via uemail Parameter
CVSS 6.3
CVE-2025-11610 MEDIUM
SourceCodester Simple Inventory System 1.0 - SQL Injection via /brand.php editBrandName Parameter
CVSS 6.3
CVE-2025-11608 HIGH
code-projects E-Banking System 1.0 - SQL Injection via Username/Password Parameter
CVSS 7.3
CVE-2025-11606 MEDIUM
iPynch Social Network Website <b6933b6d7f82c84819abe458ccf0e59d6111...
CVSS 6.3
CVE-2025-11605 MEDIUM
Client Details System 1.0 - SQL Injection via uid Parameter in update-profile.php
CVSS 6.3
CVE-2025-11604 HIGH
projectworlds Online Ordering Food System 1.0 - SQL Injection via Status Parameter in all-orders.php
CVSS 7.3
CVE-2025-11603 MEDIUM
Simple Food Ordering System 1.0 - SQL Injection via Category Parameter in /editproduct.php
CVSS 6.3
CVE-2025-11601 HIGH
Online Student Result System 1.0 - SQL Injection via Username Parameter in login.php
CVSS 7.3
CVE-2025-11600 MEDIUM
Simple Food Ordering System 1.0 - SQL Injection via editcategory.php cname Parameter
CVSS 6.3
CVE-2025-11599 HIGH
Campcodes Online Apartment Visitor Management System 1.0 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2025-11597 MEDIUM
E-Commerce Website 1.0 - SQL Injection via prod_id Parameter in product_add_qty.php
CVSS 6.3
CVE-2025-9947 MEDIUM
Custom 404 Pro <3.12.0 - SQL Injection
CVSS 4.9
CVE-2025-11596 HIGH
E-Commerce Website 1.0 - SQL Injection via order_id Parameter in delete_order_details.php
CVSS 7.3
CVE-2025-11595 MEDIUM
Campcodes Online Apartment Visitor Management System 1.0 - SQL Injection via Mobile Number Parameter
CVSS 4.7
CVE-2025-10175 MEDIUM
WP Links Page <4.9.6 - SQL Injection
CVSS 6.5
CVE-2025-10185 MEDIUM
NEX-Forms - Ultimate Forms Plugin for WordPress <9.1.6 - SQL Injection
CVSS 4.9
CVE-2025-10048 MEDIUM
My auctions allegro plugin <3.6.31 - SQL Injection
CVSS 4.9
CVE-2025-11593 MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via Delete Equipment ID Parameter
CVSS 6.3
CVE-2025-11592 MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via /admin/edit-equipmentform.php ID Parameter
CVSS 6.3
CVE-2025-11591 MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via Delete Member ID Parameter
CVSS 6.3
CVE-2025-11590 MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via /admin/equipment-entry.php ename Parameter
CVSS 6.3
CVE-2025-11589 MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via /admin/user-payment.php Plan Parameter
CVSS 6.3
CVE-2025-11588 MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via fullname Parameter
CVSS 6.3
CVE-2025-11585 HIGH
Project Monitoring System 1.0 - SQL Injection via uid Parameter in useredit.php
CVSS 7.3
CVE-2025-11584 HIGH
Online Job Search Engine 1.0 - SQL Injection via txtspecialization Parameter
CVSS 7.3
Details
Vulnerabilities 19,569
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits