CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8827

8827 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4579 | code-projects Simple Laundry System Parameters viewdetail.php sql injection — Simple Laundry System | 7.3 | High | 2026-03-23 |
| CVE-2026-4574 | SourceCodester Simple E-learning System User Profile Update sql injection — Simple E-learning System | 6.3 | Medium | 2026-03-23 |
| CVE-2026-4573 | SourceCodester Simple E-learning System HTTP GET Parameter delete_post.php sql injection — Simple E-learning System | 6.3 | Medium | 2026-03-23 |
| CVE-2026-4572 | SourceCodester Sales and Inventory System HTTP POST Request view_product.php sql injection — Sales and Inventory System | 6.3 | Medium | 2026-03-23 |
| CVE-2026-4571 | SourceCodester Sales and Inventory System HTTP POST Request view_payments.php sql injection — Sales and Inventory System | 6.3 | Medium | 2026-03-23 |
| CVE-2026-4570 | SourceCodester Sales and Inventory System HTTP POST Request view_customers.php sql injection — Sales and Inventory System | 6.3 | Medium | 2026-03-23 |
| CVE-2026-4569 | SourceCodester Sales and Inventory System HTTP POST Request view_category.php sql injection — Sales and Inventory System | 6.3 | Medium | 2026-03-23 |
| CVE-2026-4568 | SourceCodester Sales and Inventory System HTTP GET Request update_supplier.php sql injection — Sales and Inventory System | 6.3 | Medium | 2026-03-23 |
| CVE-2026-2580 | WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter — WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | 7.5 | High | 2026-03-22 |
| CVE-2026-4550 | code-projects Simple Gym Management System func.php sql injection — Simple Gym Management System | 4.7 | Medium | 2026-03-22 |
| CVE-2026-4540 | projectworlds Online Notes Sharing System Parameters login.php sql injection — Online Notes Sharing System | 7.3 | High | 2026-03-22 |
| CVE-2026-4533 | code-projects Simple Food Ordering System all-tickets.php sql injection — Simple Food Ordering System | 6.3 | Medium | 2026-03-22 |
| CVE-2026-4530 | apconw Aix-DB terminology_retriever.py sql injection — Aix-DB | 5.3 | Medium | 2026-03-21 |
| CVE-2019-25581 | i-doit CMDB 1.12 SQL Injection via objGroupID Parameter — doit CMDB | 8.2 | High | 2026-03-21 |
| CVE-2019-25578 | phpTransformer 2016.9 SQL Injection via GeneratePDF.php — phpTransformer | 8.2 | High | 2026-03-21 |
| CVE-2019-25576 | Kepler Wallpaper Script 1.1 SQL Injection via category — Kepler Wallpaper Script | 8.2 | High | 2026-03-21 |
| CVE-2019-25575 | SimplePress CMS 1.0.7 SQL Injection via p and s Parameters — SimplePress CMS | 8.2 | High | 2026-03-21 |
| CVE-2019-25573 | Green CMS 2.x SQL Injection via cat Parameter — Green CMS | 7.1 | High | 2026-03-21 |
| CVE-2026-4513 | vanna-ai vanna base.py ask sql injection — vanna | 6.3 | Medium | 2026-03-21 |
| CVE-2026-2503 | ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter — ElementCamp | 6.5 | Medium | 2026-03-21 |
| CVE-2026-4087 | Pre* Party Resource Hints <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter — Pre* Party Resource Hints | 6.5 | Medium | 2026-03-21 |
| CVE-2026-2468 | Quentn WP <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie — Quentn WP | 7.5 | High | 2026-03-21 |
| CVE-2026-1800 | Fonts Manager \| Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter — Fonts Manager \| Custom Fonts | 7.5 | High | 2026-03-21 |
| CVE-2026-3334 | CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter — CMS Commander – Manage Multiple Sites | 8.8 | High | 2026-03-21 |
| CVE-2026-2279 | myLinksDump <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters — myLinksDump | 7.2 | High | 2026-03-21 |
| CVE-2026-4508 | PbootCMS Member Login MemberController.php checkUsername sql injection — PbootCMS | 7.3 | High | 2026-03-20 |
| CVE-2026-4507 | Mindinventory MindSQL mindsql_core.py ask_db sql injection — MindSQL | 6.3 | Medium | 2026-03-20 |
| CVE-2026-33142 | OneUptime: ClickHouse SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters — oneuptime | 8.1 | High | 2026-03-20 |
| CVE-2026-4504 | eosphoros-ai db-gpt Incomplete Fix editor sql injection — db-gpt | 7.3 | High | 2026-03-20 |
| CVE-2025-62846 | QuRouter — QuRouter | 7.8 | - | 2026-03-20 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8827 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.