CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8815

8815 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7028 | CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection — Online Job Portal | 4.7 | Medium | 2026-04-26 |
| CVE-2026-7023 | ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection — coze-studio | 6.3 | Medium | 2026-04-26 |
| CVE-2026-7002 | KLiK SocialMediaWebsite Private Message get_message_ajax.php sql injection — SocialMediaWebsite | 7.3 | High | 2026-04-25 |
| CVE-2026-6991 | colinhacks Zod CUID Data Type regexes.ts sql injection — Zod | 6.3 | Medium | 2026-04-25 |
| CVE-2026-6982 | star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection — ShowDoc | 6.3 | Medium | 2026-04-25 |
| CVE-2026-6978 | JiZhiCMS addcache.html htmlspecialchars_decode sql injection — JiZhiCMS | 4.7 | Medium | 2026-04-25 |
| CVE-2026-41478 | Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) — saltcorn | 10.0 | Critical | 2026-04-24 |
| CVE-2026-33078 | Roxy-WI has SQL Injection in haproxy_section_save Endpoint via Unsanitized server_ip Parameter — roxy-wi | 9.8 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-31952 | Xibo CMS API has SQL Injection via DataSet Filter Parameter — xibo-cms | 7.6 | High | 2026-04-24 |
| CVE-2026-41460 | SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall — SocialEngine | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6887 | BorG Technology Corporation\|Borg SPM 2007 - SQL Injection — Borg SPM 2007 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-40529 | KANATA CMS ALAYA SQL injection vulnerability — CMS ALAYA | 6.5 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-41167 | Jellystat has SQL Injection that leads to Remote Code Execution — Jellystat | 9.1 | Critical | 2026-04-22 |
| CVE-2026-6833 | aEnrich\|a+HRD - SQL Injection — a+HRD | 6.5 | Medium | 2026-04-22 |
| CVE-2026-41457 | OwnTone Server < 29.1 SQL Injection via query and filter Parameters — owntone-server | 7.5 (AI) | High (AI) | 2026-04-22 |
| CVE-2026-40906 | Electric: SQL Injection via ORDER BY Parameter in Shape API — electric | 10.0 | Critical | 2026-04-21 |
| CVE-2026-41320 | Frappe HR has possibility of SQL Injection due to improper field sanitization — hrms | 6.5 | Medium | 2026-04-21 |
| CVE-2026-40887 | @vendure/core has a SQL Injection vulnerability — vendure | 9.1 | Critical | 2026-04-21 |
| CVE-2025-41029 | SQL injection in Zeon Academy Pro by Zeon Global Tech — Zeon Academy Pro | 9.8 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-6674 | Plugin: CMS für Motorrad Werkstätten <= 1.0.0 - Authenticated (Subscriber+) SQL Injection via 'arttype' Parameter — Plugin: CMS für Motorrad Werkstätten | 6.5 | Medium | 2026-04-21 |
| CVE-2026-39946 | OpenBao allows SQL Injection in PostgreSQL database secrets engine — openbao | 8.8 | - | 2026-04-21 |
| CVE-2026-35588 | Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values — glances | 6.3 | Medium | 2026-04-20 |
| CVE-2025-66335 | Apache Doris MCP Server: MCP SQL inject — Apache Doris MCP Server | 9.8 (AI) | Critical (AI) | 2026-04-20 |
| CVE-2026-6629 | Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection — MetaCRM | 7.3 | High | 2026-04-20 |
| CVE-2026-6628 | phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection — Ecclesia CRM | 6.3 | Medium | 2026-04-20 |
| CVE-2026-5964 | Digiwin\|EasyFlow .NET - SQL Injection — EasyFlow .NET | 9.8 | Critical | 2026-04-20 |
| CVE-2026-5963 | Digiwin\|EasyFlow .NET - SQL Injection — EasyFlow .NET | 9.8 | Critical | 2026-04-20 |
| CVE-2026-6595 | ProjectsAndPrograms School Management System HTTP GET Parameter buslocation.php sql injection — School Management System | 7.3 | High | 2026-04-20 |
| CVE-2026-6562 | dameng100 muucmf index.html getListByPage sql injection — muucmf | 7.3 | High | 2026-04-19 |
| CVE-2026-40482 | ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}` — CRM | 8.8 (AI) | High (AI) | 2026-04-17 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8815 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.