CWE-89: SQL Injection
The product constructs all or part of an SQL command using externally-influenced input, but does not neutralize special elements that could modify the intended SQL command.
All SQL Injection CVEs (4,717)
Baby Care System v1.0 contains a SQL injection vulnerability in the admin users deletion function that allows attackers to execute arbitrary SQL comma... (Apr 21, 2022)
Simple Real Estate Portal System v1.0 contains a SQL injection vulnerability in the agent management page that allows attackers to execute arbitrary S... (Apr 21, 2022)
Car Driving School Management System v1.0 contains a SQL injection vulnerability in the delete_enrollment function that allows attackers to execute ar... (Apr 21, 2022)
CVE-2022-28415 is a critical SQL injection vulnerability in Home Owners Collection Management System v1.0 that allows attackers to execute arbitrary S... (Apr 21, 2022)
CVE-2022-28417 is a critical SQL injection vulnerability in Home Owners Collection Management System v1.0 that allows attackers to execute arbitrary S... (Apr 21, 2022)
Baby Care System v1.0 contains a SQL injection vulnerability in the admin.php endpoint that allows attackers to execute arbitrary SQL commands. This a... (Apr 21, 2022)
Baby Care System v1.0 contains a SQL injection vulnerability in the posts.php admin interface that allows attackers to execute arbitrary SQL commands.... (Apr 21, 2022)
Baby Care System v1.0 contains a SQL injection vulnerability in the admin panel that allows attackers to execute arbitrary SQL commands via the /admin... (Apr 21, 2022)
Baby Care System v1.0 contains a SQL injection vulnerability in the admin inbox functionality that allows attackers to execute arbitrary SQL commands.... (Apr 21, 2022)
Baby Care System v1.0 contains a SQL injection vulnerability in the admin interface that allows attackers to execute arbitrary SQL commands. This affe... (Apr 21, 2022)
Baby Care System v1.0 contains a SQL injection vulnerability in the admin users management interface. Attackers can exploit this to execute arbitrary ... (Apr 21, 2022)
Baby Care System v1.0 contains a SQL injection vulnerability in the admin interface that allows attackers to execute arbitrary SQL commands. This affe... (Apr 21, 2022)
Baby Care System v1.0 contains a SQL injection vulnerability in the admin panel that allows attackers to execute arbitrary SQL commands. This affects ... (Apr 21, 2022)
CVE-2022-28023 is a critical SQL injection vulnerability in Purchase Order Management System v1.0 that allows attackers to execute arbitrary SQL comma... (Apr 21, 2022)
CVE-2022-28025 is a critical SQL injection vulnerability in Student Grading System v1.0 that allows attackers to execute arbitrary SQL commands via th... (Apr 21, 2022)
Simple Real Estate Portal System v1.0 contains a SQL injection vulnerability in the delete_amenity function that allows attackers to execute arbitrary... (Apr 21, 2022)
Simple Real Estate Portal System v1.0 contains a SQL injection vulnerability in the delete_estate function that allows attackers to execute arbitrary ... (Apr 21, 2022)
This is a critical SQL injection vulnerability in Webtareas project management software. Attackers can inject malicious SQL commands via the $uq param... (Apr 20, 2022)
CVE-2022-27104 is an unauthenticated blind SQL injection vulnerability in Forma LMS that allows attackers to execute arbitrary SQL queries without aut... (Apr 19, 2022)
This is a critical SQL injection vulnerability in Microfinance Management System 1.0 that allows attackers to execute arbitrary SQL commands through c... (Apr 19, 2022)
This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites running the Daily Prayer Time plugin. Attacker... (Apr 18, 2022)
CVE-2020-13567 is a critical SQL injection vulnerability in phpGACL 3.3.7 that allows attackers to execute arbitrary SQL commands via specially crafte... (Apr 18, 2022)
CVE-2022-26631 is a critical SQL injection vulnerability in Automatic Question Paper Generator v1.0 that allows attackers to execute arbitrary SQL com... (Apr 18, 2022)
This SQL injection vulnerability in Chamilo LMS allows attackers to execute arbitrary SQL commands via the blog_id parameter. Attackers can potentiall... (Apr 15, 2022)
CVE-2022-27479 is a critical SQL injection vulnerability in Apache Superset that allows attackers to execute arbitrary SQL commands through chart data... (Apr 13, 2022)
CVE-2022-27473 is a critical SQL injection vulnerability in Roothub 2.6.0 that allows unauthenticated remote attackers to execute arbitrary SQL comman... (Apr 12, 2022)
CVE-2022-28032 is a critical SQL injection vulnerability in AtomCMS 2.0 that allows attackers to execute arbitrary SQL commands via the Atom.CMS_admin... (Apr 12, 2022)
AtomCMS 2.0 contains a SQL injection vulnerability in the admin_ajax_list-sort.php file that allows attackers to execute arbitrary SQL commands. This ... (Apr 12, 2022)
CVE-2022-28036 is a critical SQL injection vulnerability in AtomCMS 2.0 that allows attackers to execute arbitrary SQL commands via the Atom.CMS_admin... (Apr 12, 2022)
CVE-2022-27161 is a critical SQL injection vulnerability in CSZ CMS 1.2.2 that allows attackers to execute arbitrary SQL commands via the cszcms_admin... (Apr 12, 2022)
CVE-2022-27163 is a critical SQL injection vulnerability in CSZ CMS 1.2.2 that allows attackers to execute arbitrary SQL commands through the admin us... (Apr 12, 2022)
CVE-2022-27165 is a critical SQL injection vulnerability in CSZ CMS 1.2.2 that allows attackers to execute arbitrary SQL commands via the cszcms_admin... (Apr 12, 2022)
This SQL injection vulnerability in Django allows attackers to execute arbitrary SQL commands through crafted dictionary parameters in QuerySet method... (Apr 12, 2022)
This SQL injection vulnerability in KevinLAB Inc Building Energy Management System allows attackers to execute arbitrary SQL commands through the inpu... (Apr 11, 2022)
This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites running the Block Bad Bots plugin. Attackers c... (Apr 11, 2022)
CVE-2022-27126 is a SQL injection vulnerability in zbzcms v1.0 that allows attackers to execute arbitrary SQL commands via the art parameter at /inclu... (Apr 10, 2022)
CVE-2022-26613 is a critical SQL injection vulnerability in PHP-CMS v1.0 that allows attackers to execute arbitrary SQL commands via the category para... (Apr 6, 2022)
This is a critical SQL injection vulnerability in FortiWAN that allows unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP re... (Apr 6, 2022)
Employee Performance Evaluation v1.0 contains a SQL injection vulnerability in the email parameter that allows attackers to execute arbitrary SQL comm... (Apr 5, 2022)
Student Grading System v1.0 contains a SQL injection vulnerability in the user parameter that allows attackers to execute arbitrary SQL commands. This... (Apr 5, 2022)
Online Banking System v1.0 contains a SQL injection vulnerability in the id parameter that allows attackers to execute arbitrary SQL commands. This af... (Apr 5, 2022)
Payroll Management System v1.0 contains a SQL injection vulnerability in the username parameter that allows attackers to execute arbitrary SQL command... (Apr 5, 2022)
CVE-2022-26628 is a critical SQL injection vulnerability in Matrimony v1.0 that allows attackers to execute arbitrary SQL commands via the Password pa... (Apr 5, 2022)
Simple Student Information System v1.0 contains a SQL injection vulnerability in the add/Student endpoint that allows attackers to execute arbitrary S... (Apr 5, 2022)
Mingsoft MCMS v5.2.7 contains a SQL injection vulnerability in the /cms/content/list endpoint that allows attackers to execute arbitrary SQL commands.... (Apr 5, 2022)
This is a critical SQL injection vulnerability in MDT AutoSave software that allows attackers to create new administrative users and bypass authentica... (Apr 1, 2022)
CVE-2021-44135 is a SQL injection vulnerability in PageKit CMS that allows attackers to execute arbitrary SQL commands via the comment listing functio... (Apr 1, 2022)
This vulnerability allows unauthenticated attackers to execute arbitrary code on Simple Client Management System 1.0 servers by uploading malicious fi... (Mar 31, 2022)
This CVE describes an SQL injection vulnerability in the Simple Client Management System 1.0, allowing attackers to manipulate the password parameter ... (Mar 31, 2022)
CVE-2022-23797 is a critical SQL injection vulnerability in Joomla! CMS that allows attackers to execute arbitrary SQL commands through inadequate fil... (Mar 30, 2022)
About SQL Injection (CWE-89)
Our database tracks 4,717 CVEs classified as CWE-89, with 2,067 rated critical and 1,999 rated high severity. The average CVSS score for SQL Injection vulnerabilities is 8.5.
External reference: View CWE-89 on MITRE CWE →