Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-89

CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,572 vulnerabilities with CWE-89

CVE-2025-11514 MEDIUM

Online Complaint Site 1.0 - SQL Injection via Username Parameter in /cms/users/index.php

CVE-2025-11513 HIGH

E-Commerce Website 1.0 - SQL Injection via supp_id Parameter in supplier_update.php

CVE-2025-11511 MEDIUM

code-projects E-Commerce Website 1.0 - SQL Injection via supp_email Parameter

CVE-2025-11509 MEDIUM

E-Commerce Website 1.0 - SQL Injection via prod_name Parameter

CVE-2025-11507 HIGH

PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via /admin/search-invoices.php searchdata Parameter

CVE-2025-11506 HIGH

PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Search Appointment Parameter

CVE-2025-11505 HIGH

PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via /admin/new-appointment.php delid Parameter

CVE-2025-60311 HIGH

ProjectWorlds Gym Management System 1.0 - SQL Injection

CVE-2025-11503 HIGH

PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via delid Parameter in manage-services.php

CVE-2025-11487 MEDIUM

SourceCodester Farm Management System 1.0 - SQL Injection via /uploadProduct.php Type Parameter

CVE-2025-11486 MEDIUM

SourceCodester Farm Management System 1.0 - SQL Injection via /buyNow.php Name Parameter

CVE-2025-11481 MEDIUM

varunsardana004 Blood-Bank-And-Donation-Management-System < 2021-03-18 - SQL Injection via Fullname Parameter

CVE-2025-11480 HIGH

Simple E-Commerce Bookstore 1.0 - SQL Injection via Register Username Parameter

CVE-2025-11479 HIGH

Wedding Reservation Management System 1.0 - SQL Injection via insertReservation Function

CVE-2025-11478 MEDIUM

SourceCodester Farm Management System 1.0 - SQL Injection

CVE-2025-11477 HIGH

Wedding Reservation Management System 1.0 - SQL Injection via User Argument in global.php

CVE-2025-11476 HIGH

SourceCodester Simple E-Commerce Bookstore 1.0 - SQL Injection

CVE-2025-11475 HIGH

Advanced Library Management System 1.0 - SQL Injection

CVE-2025-11474 MEDIUM

SourceCodester Hotel and Lodge Management System 1.0 - SQL Injection

CVE-2025-11473 HIGH

SourceCodester Hotel and Lodge Management System 1.0 - SQL Injection

CVE-2025-11472 HIGH

SourceCodester Hotel and Lodge Management System 1.0 - SQL Injection

CVE-2025-11471 HIGH

SourceCodester Hotel and Lodge Management System 1.0 - SQL Injection

CVE-2025-10649 MEDIUM

Welcart e-Commerce <2.11.21 - SQL Injection

CVE-2025-10351 CRITICAL

Melis Platform < 5.3.4 - SQL Injection via idPage Parameter

CVE-2025-11469 MEDIUM

SourceCodester Hotel and Lodge Management System 1.0 - SQL Injection

Previous Page 98 of 783 Next

Details

Vulnerabilities 19,572

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy