VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 244 of 512
  • CVE-2026-4569MedMar 23, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of…

  • CVE-2026-4568MedMar 23, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched…

  • CVE-2026-4533MedMar 22, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The…

  • CVE-2026-4513MedMar 21, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public…

  • CVE-2026-4507MedMar 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly…

  • CVE-2026-4485MedMar 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The…

  • CVE-2026-4472MedMar 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be…

  • CVE-2026-4241MedMar 16, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_code leads to sql injection. The attack can be launched remotely. The exploit is…

  • CVE-2026-4234MedMar 16, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The…

  • CVE-2026-4230MedMar 16, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been…

  • CVE-2026-4173MedMar 16, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler.…

  • CVE-2026-3806MedMar 9, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2026-3793MedMar 9, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to…

  • CVE-2026-3792MedMar 9, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in sql injection. The attack may be performed…

  • CVE-2026-3791MedMar 9, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to…

  • CVE-2026-3790MedMar 9, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_supplier_details.php of the component POST Parameter Handler. Executing a manipulation of the argument stock_name1 can lead to sql…

  • CVE-2026-3786MedMar 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order results in sql injection. The attack can be launched…

  • CVE-2026-3785MedMar 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order leads to sql injection. The attack can be initiated…

  • CVE-2026-3771MedMar 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been…

  • CVE-2026-3767MedMar 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher_id can lead to sql injection. The attack may be launched remotely. The…