CWE-89: SQL Injection
The product constructs all or part of an SQL command using externally-influenced input, but does not neutralize special elements that could modify the intended SQL command.
Yearly Trend
Top Affected Vendors
All SQL Injection CVEs (4,717)
May 13, 2022: Merchandise Online Store v1.0 contains a SQL injection vulnerability in the delete_category function that allows attackers to execute arbitrary SQL co...
May 13, 2022: Merchandise Online Store v1.0 contains a SQL injection vulnerability in the delete_cart function that allows attackers to execute arbitrary SQL comman...
May 13, 2022: Pharmacy Sales And Inventory System v1.0 contains a SQL injection vulnerability in the manage_user.php endpoint that allows attackers to execute arbit...
May 13, 2022: This CVE describes a SQL injection vulnerability in NETGEAR ProSafe SSL VPN firmware that allows attackers to execute arbitrary SQL commands via the U...
May 12, 2022: Insurance Management System 1.0 contains a SQL injection vulnerability in the editAgent.php endpoint that allows attackers to execute arbitrary SQL co...
May 11, 2022: Mingsoft MCMS v5.2.7 contains a SQL injection vulnerability in the /mdiy/dict/listExcludeApp endpoint via the orderBy parameter. This allows attackers...
May 11, 2022: CVE-2022-29009 allows attackers to bypass authentication in Cyber Cafe Management System v1.0 via SQL injection in the admin panel's username and pass...
May 11, 2022: CVE-2022-29006 is a critical SQL injection vulnerability in Directory Management System v1.0 that allows attackers to bypass authentication via the ad...
May 11, 2022: Wedding Management System v1.0 contains a SQL injection vulnerability in the package_detail.php file via the id parameter. This allows attackers to ex...
May 11, 2022: This SQL injection vulnerability in Complete Online Job Search System v1.0 allows attackers to execute arbitrary SQL commands through the /eris/index....
May 10, 2022: The RSVPMaker WordPress plugin contains an unauthenticated SQL injection vulnerability that allows attackers to execute arbitrary SQL queries against ...
May 10, 2022: The RSVPMaker WordPress plugin contains an unauthenticated SQL injection vulnerability that allows attackers to execute arbitrary SQL queries without ...
May 10, 2022: This SQL injection vulnerability in OpenMRS allows attackers to execute arbitrary SQL commands via GET request parameters on the patient.page endpoint...
May 9, 2022: CVE-2022-30335 is a critical SQL injection vulnerability in Bonanza Wealth Management System (BWM) 7.3.2 that allows unauthenticated attackers to extr...
May 9, 2022: Explore CMS v1.0 contains a SQL injection vulnerability in the page.php endpoint that allows attackers to execute arbitrary SQL commands via the 'id' ...
May 9, 2022: This SQL injection vulnerability in the MapSVG WordPress plugin allows unauthenticated attackers to execute arbitrary SQL commands on affected WordPre...
May 9, 2022: This vulnerability allows SQL injection attacks in the Ubigeo de Perú para Woocommerce WordPress plugin. Unauthenticated attackers can exploit AJAX e...
May 9, 2022: This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the WP Video Gallery plugin. It affects...
May 9, 2022: This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WooCommerce sites using the Order Listener plugin. Attackers c...
May 6, 2022: This SQL injection vulnerability in Brocade SANnav allows attackers to execute arbitrary SQL commands through multiple Zone management endpoints. It a...
May 6, 2022: This is a critical SQL injection vulnerability in Piwigo's cat_move.php file that allows attackers to execute arbitrary SQL commands via the 'selectio...
May 5, 2022: This vulnerability allows attackers to execute arbitrary SQL commands through default reports in Zoho ManageEngine OPManager. It affects all OPManager...
May 5, 2022: SpringBlade v3.2.0 and below contains a SQL injection vulnerability in the customSqlSegment component that allows attackers to execute arbitrary SQL c...
May 5, 2022: This vulnerability allows attackers to execute arbitrary SQL commands on Medical Hub Directory Site 1.0 through the /mhds/clinic/view_details.php endp...
May 4, 2022: This CVE describes a SQL injection vulnerability in OpenLDAP's experimental back-sql backend. Attackers can execute arbitrary SQL commands via special...
May 4, 2022: This SQL injection vulnerability in osTicket's login and password reset functionality allows attackers to execute arbitrary SQL commands. It affects a...
May 4, 2022: This SQL injection vulnerability in Fantastic Blog CMS 1.0 allows attackers to execute arbitrary SQL commands through the 'id' parameter in single.php...
May 4, 2022: This CVE describes a time-blind SQL injection vulnerability in MyBatis PageHelper. Attackers can exploit the orderBy parameter to execute arbitrary SQ...
May 4, 2022: CVE-2021-42185 is a critical SQL injection vulnerability in wdja CMS v2.1 that allows attackers to execute arbitrary SQL commands through the foregrou...
May 4, 2022: Hospital Management System v1.0 contains a SQL injection vulnerability in the patient_contact parameter of patientsearch.php. This allows attackers to...
May 3, 2022: This vulnerability allows attackers to execute arbitrary SQL commands via the adminname parameter in admin.php in Hospital Management System v1.0. Thi...
May 3, 2022: EmpireCMS 7.5 contains a SQL injection vulnerability in AdClass.php that allows attackers to execute arbitrary SQL commands. This affects all EmpireCM...
May 3, 2022: Bluecms 1.6 contains a SQL injection vulnerability in cookie handling that allows attackers to execute arbitrary SQL commands. This affects all Bluecm...
May 2, 2022: Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in the dlSlog.aspx component. This allows attacker...
May 2, 2022: Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in the DIAE_slogHandler.ashx endpoint. This allo...
May 2, 2022: Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in the DIAE_rltHandler.ashx component. This allo...
May 2, 2022: Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in Handler_TCV.ashx that allows attackers to exe...
May 2, 2022: Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in the ReadREGbyID function. This allows attackers...
May 2, 2022: Delta Electronics DIAEnergie versions before 1.8.02.004 have a blind SQL injection vulnerability in HandlerChart.ashx that allows attackers to execute...
May 2, 2022: This CVE describes an SQL injection vulnerability in the Photo Gallery WordPress plugin. Attackers can exploit this by sending malicious input through...
May 2, 2022: This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the SiteSuperCharger plugin. Attackers ...
May 2, 2022: This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Multiple Shipping Address Woocommer...
May 2, 2022: MCMS v5.2.27 contains a SQL injection vulnerability in the orderBy parameter at /dict/list.do endpoint. This allows attackers to execute arbitrary SQL...
Apr 29, 2022: This CVE describes a critical SQL injection vulnerability in the ARAX-UI Synonym Lookup functionality of the rtx software. Attackers can exploit this ...
Apr 29, 2022: This CVE describes an SQL injection vulnerability in the SemanticDrilldown extension for MediaWiki. Attackers can exploit certain '-' and '_' constrai...
Apr 26, 2022: ED01-CMS v20180505 contains a SQL injection vulnerability in the post.php component that allows attackers to execute arbitrary SQL commands. This affe...
Apr 26, 2022: CVE-2022-27984 is a critical SQL injection vulnerability in CuppaCMS v1.0 that allows attackers to execute arbitrary SQL commands via the menu_filter ...
Apr 25, 2022: This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the 5 Stars Rating Funnel plugin. Attac...
Apr 25, 2022: This SQL injection vulnerability in the Users Ultra WordPress plugin allows attackers to execute arbitrary SQL commands through the rating_vote AJAX a...
Apr 22, 2022: JFinalCMS v2.0 contains a SQL injection vulnerability in the Article Management function that allows attackers to execute arbitrary SQL commands. This...
About SQL Injection (CWE-89)
Our database tracks 4,717 CVEs classified as CWE-89, with 2,067 rated critical and 1,999 rated high severity. The average CVSS score for SQL Injection vulnerabilities is 8.5.
External reference: View CWE-89 on MITRE CWE →