VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 252 of 512
  • CVE-2025-11611MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made…

  • CVE-2025-11610MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName results in sql injection. The attack can be executed remotely. The exploit has…

  • CVE-2025-11606MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing manipulation results in sql injection. The attack is possible to be carried out…

  • CVE-2025-11605MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of the argument uid leads to sql injection. The attack can be executed remotely. The exploit is publicly available…

  • CVE-2025-11603MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in sql injection. The attack may be launched remotely. The exploit has been made…

  • CVE-2025-11600MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname leads to sql injection. It is possible to launch the attack remotely. The exploit…

  • CVE-2025-11597MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to sql injection. The attack is possible to be carried out remotely. The…

  • CVE-2025-11593MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published…

  • CVE-2025-11592MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be…

  • CVE-2025-11591MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely.…

  • CVE-2025-11590MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing a manipulation of the argument ename can lead to sql injection. It is possible to launch the attack…

  • CVE-2025-11589MedOct 10, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit…

  • CVE-2025-11588MedOct 10, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available…

  • CVE-2025-11553MedOct 9, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in code-projects Courier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-courier.php. Executing manipulation of the argument Shippername can lead to sql injection. The attack can be launched…

  • CVE-2025-11552MedOct 9, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly…

  • CVE-2025-11551MedOct 9, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attack remotely. The exploit…

  • CVE-2025-11530MedOct 9, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in code-projects Online Complaint Site 1.0. Affected is an unknown function of the file /cms/admin/state.php. This manipulation of the argument state causes sql injection. The attack is possible to be carried out remotely. The exploit has been made…

  • CVE-2025-11516MedOct 9, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in code-projects Online Complaint Site 1.0. Impacted is an unknown function of the file /cms/users/complaint-details.php. Executing manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2025-11515MedOct 9, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/users/register-complaint.php. Performing manipulation of the argument cid results in sql injection. It is possible to initiate the attack…

  • CVE-2025-11514MedOct 9, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in code-projects Online Complaint Site 1.0. This vulnerability affects unknown code of the file /cms/users/index.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit is…