VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 156 of 512
  • CVE-2026-5634HigApr 6, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be…

  • CVE-2026-5577HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack…

  • CVE-2026-5575HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be…

  • CVE-2026-5565HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The…

  • CVE-2026-5564HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The…

  • CVE-2026-5555HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Parameter Handler. Executing a manipulation of the argument Email can lead to sql…

  • CVE-2026-5554HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/process_search.php of the component Parameter Handler. Performing a manipulation of…

  • CVE-2026-5551HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may…

  • CVE-2026-5540HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched…

  • CVE-2026-5534HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be…

  • CVE-2026-5368HigApr 2, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is…

  • CVE-2026-5334HigApr 2, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible…

  • CVE-2026-5322HigApr 2, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads…

  • CVE-2026-30273HigApr 1, 2026
    risk 0.47cvss 7.3epss 0.00

    pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component.

  • CVE-2026-5257HigApr 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed…

  • CVE-2026-5256HigApr 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible.…

  • CVE-2026-5238HigApr 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view_employee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack…

  • CVE-2026-5237HigMar 31, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection.…

  • CVE-2026-5198HigMar 31, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of…

  • CVE-2026-5195HigMar 31, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely.