VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 168 of 512
  • CVE-2025-15166HigDec 29, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made…

  • CVE-2025-15165HigDec 29, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit…

  • CVE-2025-15142HigDec 28, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is…

  • CVE-2025-15140HigDec 28, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The attack is possible to…

  • CVE-2025-15127HigDec 28, 2025
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection.…

  • CVE-2025-15078HigDec 25, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and…

  • CVE-2025-15077HigDec 25, 2025
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-15075HigDec 25, 2025
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has…

  • CVE-2025-15074HigDec 25, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly…

  • CVE-2025-15073HigDec 24, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2025-15053HigDec 24, 2025
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has…

  • CVE-2025-15049HigDec 23, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and…

  • CVE-2025-15034HigDec 23, 2025
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public…

  • CVE-2025-15012HigDec 22, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit…

  • CVE-2025-15011HigDec 22, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

  • CVE-2025-15002HigDec 21, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has…

  • CVE-2025-14990HigDec 21, 2025
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated…

  • CVE-2025-14989HigDec 21, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is…

  • CVE-2025-14968HigDec 19, 2025
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit…

  • CVE-2025-14967HigDec 19, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of the argument school_year leads to sql injection. The attack can be initiated remotely.…