CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 246 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1552 | Med | 0.41 | 6.3 | 0.00 | Jan 29, 2026 | A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed… | ||
| CVE-2026-1551 | Med | 0.41 | 6.3 | 0.00 | Jan 29, 2026 | A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been… | ||
| CVE-2026-1546 | Med | 0.41 | 6.3 | 0.00 | Jan 28, 2026 | A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the… | ||
| CVE-2026-1118 | Med | 0.41 | 6.3 | 0.00 | Jan 18, 2026 | A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit… | ||
| CVE-2026-0843 | Med | 0.41 | 6.3 | 0.00 | Jan 11, 2026 | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can… | ||
| CVE-2025-15496 | Med | 0.41 | 6.3 | 0.00 | Jan 9, 2026 | A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be… | ||
| CVE-2025-15494 | Med | 0.41 | 6.3 | 0.00 | Jan 9, 2026 | A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been… | ||
| CVE-2025-15493 | Med | 0.41 | 6.3 | 0.00 | Jan 9, 2026 | A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack… | ||
| CVE-2026-0803 | Med | 0.41 | 6.3 | 0.00 | Jan 9, 2026 | A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be… | ||
| CVE-2025-15492 | Med | 0.41 | 6.3 | 0.00 | Jan 9, 2026 | A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord results in sql injection. It is possible to initiate the… | ||
| CVE-2026-0733 | Med | 0.41 | 6.3 | 0.00 | Jan 9, 2026 | A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack… | ||
| CVE-2026-0597 | Med | 0.41 | 6.3 | 0.00 | Jan 5, 2026 | A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is… | ||
| CVE-2026-0591 | Med | 0.41 | 6.3 | 0.00 | Jan 5, 2026 | A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is… | ||
| CVE-2026-0590 | Med | 0.41 | 6.3 | 0.00 | Jan 5, 2026 | A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is… | ||
| CVE-2026-0584 | Med | 0.41 | 6.3 | 0.00 | Jan 5, 2026 | A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The… | ||
| CVE-2026-0582 | Med | 0.41 | 6.3 | 0.00 | Jan 5, 2026 | A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly… | ||
| CVE-2025-15450 | Med | 0.41 | 6.3 | 0.00 | Jan 5, 2026 | A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql… | ||
| CVE-2025-15439 | Med | 0.41 | 6.3 | 0.00 | Jan 2, 2026 | A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be… | ||
| CVE-2025-15392 | Med | 0.41 | 6.3 | 0.00 | Dec 31, 2025 | A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is… | ||
| CVE-2025-15212 | Med | 0.41 | 6.3 | 0.00 | Dec 30, 2025 | A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The… |
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord results in sql injection. It is possible to initiate the…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The…