VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 194 of 512
  • CVE-2025-8969HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely.…

  • CVE-2025-8968HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. The manipulation of the argument ID leads to sql injection. The attack can be launched…

  • CVE-2025-8967HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely.…

  • CVE-2025-8966HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2025-8960HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely.…

  • CVE-2025-8957HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_id leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2025-8955HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-8954HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2025-8953HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched…

  • CVE-2025-8952HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The…

  • CVE-2025-8951HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-8950HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiated…

  • CVE-2025-8948HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the…

  • CVE-2025-8947HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-8946HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed…

  • CVE-2025-8936HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely.…

  • CVE-2025-8935HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The…

  • CVE-2025-8932HigAug 14, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has…

  • CVE-2025-8926HigAug 13, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The…

  • CVE-2025-8925HigAug 13, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed…