CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 194 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8969 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely.… | ||
| CVE-2025-8968 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. The manipulation of the argument ID leads to sql injection. The attack can be launched… | ||
| CVE-2025-8967 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely.… | ||
| CVE-2025-8966 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The… | ||
| CVE-2025-8960 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely.… | ||
| CVE-2025-8957 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_id leads to sql injection. It is possible to launch the attack remotely. The… | ||
| CVE-2025-8955 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been… | ||
| CVE-2025-8954 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The… | ||
| CVE-2025-8953 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched… | ||
| CVE-2025-8952 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The… | ||
| CVE-2025-8951 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has… | ||
| CVE-2025-8950 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiated… | ||
| CVE-2025-8948 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the… | ||
| CVE-2025-8947 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been… | ||
| CVE-2025-8946 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed… | ||
| CVE-2025-8936 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely.… | ||
| CVE-2025-8935 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The… | ||
| CVE-2025-8932 | Hig | 0.47 | 7.3 | 0.00 | Aug 14, 2025 | A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has… | ||
| CVE-2025-8926 | Hig | 0.47 | 7.3 | 0.00 | Aug 13, 2025 | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The… | ||
| CVE-2025-8925 | Hig | 0.47 | 7.3 | 0.00 | Aug 13, 2025 | A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed… |
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely.…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. The manipulation of the argument ID leads to sql injection. The attack can be launched…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely.…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely.…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_id leads to sql injection. It is possible to launch the attack remotely. The…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiated…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely.…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed…