CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-470 · CAPEC-66 · CAPEC-7
CVEs mapped to this weakness (10,236)
page 93 of 512| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66095 | Hig | 0.55 | 8.5 | 0.00 | Nov 21, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.13. | ||
| CVE-2025-60239 | Hig | 0.55 | 8.5 | 0.00 | Nov 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS: from n/a through <= 1.4.3. | ||
| CVE-2025-28953 | Hig | 0.55 | 8.5 | 0.00 | Nov 6, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0. | ||
| CVE-2025-4665 | Cri | 0.55 | 9.6 | 0.00 | Oct 29, 2025 | WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation of user input in plugin… | ||
| CVE-2025-49378 | Hig | 0.55 | 8.5 | 0.00 | Oct 22, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.10. | ||
| CVE-2025-48091 | Hig | 0.55 | 8.5 | 0.00 | Oct 22, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through <= 0.3.6. | ||
| CVE-2025-60118 | Hig | 0.55 | 8.5 | 0.00 | Sep 26, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through <= 5.9.0. | ||
| CVE-2025-60110 | Hig | 0.55 | 8.5 | 0.00 | Sep 26, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows SQL Injection.This issue affects AllInOne - Banner Rotator: from n/a through <= 3.8. | ||
| CVE-2025-60109 | Hig | 0.55 | 8.5 | 0.00 | Sep 26, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Content Slider: from n/a… | ||
| CVE-2025-60108 | Hig | 0.55 | 8.5 | 0.00 | Sep 26, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with… | ||
| CVE-2025-60107 | Hig | 0.55 | 8.5 | 0.00 | Sep 26, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with… | ||
| CVE-2025-58686 | Hig | 0.55 | 8.5 | 0.00 | Sep 22, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce perfect-woocommerce-brands allows SQL Injection.This issue affects Perfect Brands for WooCommerce: from n/a through <= 3.6.2. | ||
| CVE-2025-53468 | Hig | 0.55 | 8.5 | 0.00 | Sep 22, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus@hotmail.com Wp tabber widget wp-tabber-widget allows SQL Injection.This issue affects Wp tabber widget: from n/a through <= 4.0. | ||
| CVE-2025-58881 | Hig | 0.55 | 8.5 | 0.00 | Sep 5, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection.This issue affects New Simple Gallery: from n/a through <= 8.0. | ||
| CVE-2025-49404 | Hig | 0.55 | 8.5 | 0.00 | Aug 28, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo Core listeo-core allows SQL Injection.This issue affects Listeo Core: from n/a through < 2.0.7. | ||
| CVE-2025-49402 | Hig | 0.55 | 8.5 | 0.00 | Aug 28, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3. | ||
| CVE-2025-56216 | Hig | 0.55 | 8.5 | 0.00 | Aug 25, 2025 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | ||
| CVE-2025-49891 | Hig | 0.55 | 8.5 | 0.00 | Aug 20, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through <= 1.3.3. | ||
| CVE-2025-54474 | Hig | 0.55 | — | 0.00 | Aug 15, 2025 | A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands. | ||
| CVE-2025-55708 | Hig | 0.55 | 8.5 | 0.00 | Aug 14, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.2.4. |
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.13.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS: from n/a through <= 1.4.3.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0.
- risk 0.55cvss 9.6epss 0.00
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation of user input in plugin…
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.10.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through <= 0.3.6.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through <= 5.9.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows SQL Injection.This issue affects AllInOne - Banner Rotator: from n/a through <= 3.8.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Content Slider: from n/a…
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with…
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with…
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce perfect-woocommerce-brands allows SQL Injection.This issue affects Perfect Brands for WooCommerce: from n/a through <= 3.6.2.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus@hotmail.com Wp tabber widget wp-tabber-widget allows SQL Injection.This issue affects Wp tabber widget: from n/a through <= 4.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection.This issue affects New Simple Gallery: from n/a through <= 8.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo Core listeo-core allows SQL Injection.This issue affects Listeo Core: from n/a through < 2.0.7.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3.
- risk 0.55cvss 8.5epss 0.00
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through <= 1.3.3.
- risk 0.55cvss —epss 0.00
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.2.4.