VYPR

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7

CVEs mapped to this weakness (10,236)

page 255 of 512
  • CVE-2025-10828MedSep 23, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been…

  • CVE-2025-10826MedSep 23, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. The…

  • CVE-2025-10825MedSep 23, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Affected is an unknown function of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit is…

  • CVE-2025-10807MedSep 22, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid results in sql injection. The attack may be launched…

  • CVE-2025-10806MedSep 22, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated…

  • CVE-2025-10805MedSep 22, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file /admin/add-services.php. Executing manipulation of the argument sername can lead to sql injection. The attack can be launched remotely. The exploit…

  • CVE-2025-10804MedSep 22, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Performing manipulation of the argument mobilenum results in sql injection. The attack can be initiated…

  • CVE-2025-10790MedSep 22, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=save_category. The manipulation of the argument Description results in sql injection. The attack can be executed remotely. The…

  • CVE-2025-10780MedSep 22, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument bar_code causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly…

  • CVE-2025-10762MedSep 21, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed…

  • CVE-2025-10665MedSep 18, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql injection. Remote exploitation of the…

  • CVE-2025-10627MedSep 18, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/delete_user.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to…

  • CVE-2025-10626MedSep 18, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /admin/update_s3.php. This manipulation of the argument credits causes sql injection. Remote exploitation of the attack is possible. The…

  • CVE-2025-10625MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /user/dashboard.php?page=update_profile. The manipulation of the argument phone results in sql injection. The attack may be…

  • CVE-2025-10620MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in itsourcecode Online Clinic Management System 1.0. This vulnerability affects unknown code of the file /editp2.php. Executing manipulation of the argument id/firstname/lastname/type/age/address can lead to sql injection. The attack can be executed…

  • CVE-2025-10618MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in itsourcecode Online Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file transact.php. Such manipulation of the argument firstname leads to sql injection. The attack may be launched remotely.…

  • CVE-2025-10617MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit…

  • CVE-2025-10613MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /leveledit1.php. Such manipulation of the argument level_id leads to sql injection. The attack may be performed from remote. The exploit has…

  • CVE-2025-10602MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s1.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely.…

  • CVE-2025-10595MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated…