CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8838

8838 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2503 | ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter | ElementCamp | 6.5 | Medium | 2026-03-21 |
| CVE-2026-4087 | Pre* Party Resource Hints <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter | Pre* Party Resource Hints | 6.5 | Medium | 2026-03-21 |
| CVE-2026-2468 | Quentn WP <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie | Quentn WP | 7.5 | High | 2026-03-21 |
| CVE-2026-1800 | Fonts Manager \| Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter | Fonts Manager \| Custom Fonts | 7.5 | High | 2026-03-21 |
| CVE-2026-3334 | CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter | CMS Commander – Manage Multiple Sites | 8.8 | High | 2026-03-21 |
| CVE-2026-2279 | myLinksDump <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters | myLinksDump | 7.2 | High | 2026-03-21 |
| CVE-2026-4508 | PbootCMS Member Login MemberController.php checkUsername sql injection | PbootCMS | 7.3 | High | 2026-03-20 |
| CVE-2026-4507 | Mindinventory MindSQL mindsql_core.py ask_db sql injection | MindSQL | 6.3 | Medium | 2026-03-20 |
| CVE-2026-33142 | OneUptime: ClickHouse SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters | oneuptime | 8.1 | High | 2026-03-20 |
| CVE-2026-4504 | eosphoros-ai db-gpt Incomplete Fix editor sql injection | db-gpt | 7.3 | High | 2026-03-20 |
| CVE-2025-62846 | QuRouter | QuRouter | 7.8 | - | 2026-03-20 |
| CVE-2026-4485 | itsourcecode College Management System search_student.php sql injection | College Management System | 6.3 | Medium | 2026-03-20 |
| CVE-2026-33134 | WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter | WeGIA | 9.3 | Critical | 2026-03-20 |
| CVE-2026-33133 | WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive | WeGIA | 8.8 | - | 2026-03-20 |
| CVE-2026-4473 | itsourcecode Online Doctor Appointment System appointment_action.php sql injection | Online Doctor Appointment System | 4.7 | Medium | 2026-03-20 |
| CVE-2026-4472 | itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection | Online Frozen Foods Ordering System | 6.3 | Medium | 2026-03-20 |
| CVE-2026-4471 | itsourcecode Online Frozen Foods Ordering System admin_edit_employee.php sql injection | Online Frozen Foods Ordering System | 4.7 | Medium | 2026-03-20 |
| CVE-2026-33025 | AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause | AVideo-Encoder | 9.8 | - | 2026-03-20 |
| CVE-2026-4470 | itsourcecode Online Frozen Foods Ordering System admin_edit_menu.php sql injection | Online Frozen Foods Ordering System | 4.7 | Medium | 2026-03-20 |
| CVE-2026-32954 | ERP has a possibility SQL Injection vulnerability due to missing validation | erpnext | 7.1 | High | 2026-03-20 |
| CVE-2026-32950 | SQLBot: RCE via SQL Injection in Excel Upload Endpoint | SQLBot | 8.8 | - | 2026-03-20 |
| CVE-2026-4469 | itsourcecode Online Frozen Foods Ordering System admin_edit_menu_action.php sql injection | Online Frozen Foods Ordering System | 4.7 | Medium | 2026-03-20 |
| CVE-2026-32888 | Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Functionality | opensourcepos | 8.8 | High | 2026-03-20 |
| CVE-2026-32813 | Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) | admidio | 8.0 | High | 2026-03-20 |
| CVE-2026-32767 | SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API | siyuan | 9.8 | Critical | 2026-03-20 |
| CVE-2026-32763 | SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`. | kysely | 8.2 | High | 2026-03-19 |
| CVE-2026-33288 | SuiteCRM has Authenticated SQL Injection in Authentication Module | SuiteCRM | 8.8 | High | 2026-03-19 |
| CVE-2026-29099 | SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality. | SuiteCRM | 8.8 | High | 2026-03-19 |
| CVE-2026-29096 | SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields | SuiteCRM | 8.1 | High | 2026-03-19 |
| CVE-2026-3658 | Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | 7.5 | High | 2026-03-19 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8838 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.