
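CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8827

8827 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.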

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-33539 | Parse Server: SQL injection via aggregate and distinct field names in PostgreSQL adapter — parse-server | 7.2 | - | 2026-03-24 |
| CVE-2019-25642 | Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules — Bootstrapy CMS | 8.2 | High | 2026-03-24 |
| CVE-2019-25643 | eNdonesia Portal v8.7 SQL Injection via banners.php — eNdonesia Portal | 8.2 | High | 2026-03-24 |
| CVE-2019-25641 | Netartmedia Vlog System Lastest SQL Injection via email Parameter — Netartmedia Vlog System | 8.2 | High | 2026-03-24 |
| CVE-2019-25640 | Inout Article Base CMS Lastest SQL Injection via portalLogin.php — Inout Article Base CMS | 8.2 | High | 2026-03-24 |
| CVE-2019-25639 | Matrimony Website Script M-Plus Multiple SQL Injection — Matrimony Website Script | 8.2 | High | 2026-03-24 |
| CVE-2019-25638 | Meeplace Business Review Script Lastest SQL Injection via addclick.php — Meeplace Business Review Script | 7.1 | High | 2026-03-24 |
| CVE-2019-25635 | Zeeways Matrimony CMS Lastest SQL Injection via profile_list — Zeeways Matrimony CMS | 8.2 | High | 2026-03-24 |
| CVE-2019-25636 | Zeeways Jobsite CMS Lastest SQL Injection via id Parameter — Zeeways Jobsite CMS | 8.2 | High | 2026-03-24 |
| CVE-2026-4662 | JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter — JetEngine | 7.5 | High | 2026-03-24 |
| CVE-2026-4632 | itsourcecode Online Enrollment System Parameter index.php sql injection — Online Enrollment System | 7.3 | High | 2026-03-24 |
| CVE-2026-4625 | SourceCodester Online Admission System programmes.php sql injection — Online Admission System | 7.3 | High | 2026-03-24 |
| CVE-2026-4624 | SourceCodester Online Library Management System Parameter home.php sql injection — Online Library Management System | 7.3 | High | 2026-03-24 |
| CVE-2026-3079 | LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter — LearnDash LMS | 6.5 | Medium | 2026-03-24 |
| CVE-2026-4615 | SourceCodester Online Catering Reservation search.php sql injection — Online Catering Reservation | 7.3 | High | 2026-03-23 |
| CVE-2026-4614 | itsourcecode sanitize or validate this input Parameter subjects.php sql injection — sanitize or validate this input | 6.3 | Medium | 2026-03-23 |
| CVE-2026-4613 | SourceCodester E-Commerce Site products.php sql injection — E-Commerce Site | 7.3 | High | 2026-03-23 |
| CVE-2026-4306 | WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter — WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 7.5 | High | 2026-03-23 |
| CVE-2026-2412 | Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter — Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | 6.5 | Medium | 2026-03-23 |
| CVE-2026-4612 | itsourcecode Free Hotel Reservation System Parameter index.php sql injection — Free Hotel Reservation System | 7.3 | High | 2026-03-23 |
| CVE-2026-4597 | 648540858 wvp-GB28181-pro Stream Proxy Query StreamProxyProvider.java selectAll sql injection — wvp-GB28181-pro | 6.3 | Medium | 2026-03-23 |
| CVE-2026-33723 | AVideo Vulnerable to SQL Injection in Subscribe Endpoint via Unsanitized user_id Parameter in subscribe.php — AVideo | 7.1 | High | 2026-03-23 |
| CVE-2026-33651 | AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat() — AVideo | 8.1 | High | 2026-03-23 |
| CVE-2026-33485 | AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter — AVideo | 7.5 | High | 2026-03-23 |
| CVE-2026-33352 | AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) — AVideo | 9.8 | Critical | 2026-03-23 |
| CVE-2025-41008 | SQL Injection in Sinturno — Sinturno | 9.8 | - | 2026-03-23 |
| CVE-2025-41007 | SQL Injection in Cuantis — Cuantis | 9.8 | - | 2026-03-23 |
| CVE-2026-32969 | Pre-Auth Blind SQLi in userinfo Endpoint — MB connect line mbCONNECT24 | 7.5 | High | 2026-03-23 |
| CVE-2026-4581 | code-projects Simple Laundry System Parameters checklogin.php sql injection — Simple Laundry System | 7.3 | High | 2026-03-23 |
| CVE-2026-4580 | code-projects Simple Laundry System Parameters checkupdatestatus.php sql injection — Simple Laundry System | 7.3 | High | 2026-03-23 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8827 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.