
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8837

8837 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32698 | OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution — openproject | 9.1 | Critical | 2026-03-18 |
| CVE-2026-32321 | ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration — clipbucket-v5 | 8.8 | High | 2026-03-18 |
| CVE-2026-32611 | Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements — glances | 7.0 | High | 2026-03-18 |
| CVE-2026-31891 | Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw() — Cockpit | 7.7 | High | 2026-03-18 |
| CVE-2026-33058 | Kanboard has Authenticated SQL Injection in Project Permissions Handler — kanboard | 6.5 | - | 2026-03-18 |
| CVE-2026-26001 | GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report — glpi-inventory-plugin | 7.1 | High | 2026-03-17 |
| CVE-2026-25936 | GLPI Vulnerable to Authenticated SQL Injection — glpi | 6.5 | Medium | 2026-03-17 |
| CVE-2026-4319 | code-projects Simple Food Order System add-item.php sql injection — Simple Food Order System | 7.3 | High | 2026-03-17 |
| CVE-2026-4324 | Rubygem-katello: katello: denial of service and potential information disclosure via sql injection — Red Hat Satellite 6.17 for RHEL 9 | 5.4 | Medium | 2026-03-17 |
| CVE-2026-2579 | WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter — WowStore – Store Builder & Product Blocks for WooCommerce | 7.5 | High | 2026-03-17 |
| CVE-2026-4289 | Tiandy Easy7 Integrated Management Platform getRecByTemplateId sql injection — Easy7 Integrated Management Platform | 7.3 | High | 2026-03-17 |
| CVE-2026-4288 | Tiandy Easy7 Integrated Management Platform Endpoint getDevDetailedInfo sql injection — Easy7 Integrated Management Platform | 7.3 | High | 2026-03-17 |
| CVE-2026-4287 | Tiandy Easy7 Integrated Management Platform Endpoint queryResources sql injection — Easy7 Integrated Management Platform | 7.3 | High | 2026-03-16 |
| CVE-2026-30881 | Chamilo LMS: SQL Injection in the statistics AJAX endpoint — chamilo-lms | 8.8 | High | 2026-03-16 |
| CVE-2026-28430 | Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php — chamilo-lms | 9.8 AI | Critical AI | 2026-03-16 |
| CVE-2025-62319 | Boolean-Based SQL Injection in Multiple Unica Components — Unica | 9.8 | Critical | 2026-03-16 |
| CVE-2026-4241 | itsourcecode College Management System time-table.php sql injection — College Management System | 6.3 | Medium | 2026-03-16 |
| CVE-2026-4238 | itsourcecode College Management System courses.php sql injection — College Management System | 4.7 | Medium | 2026-03-16 |
| CVE-2026-4237 | itsourcecode Free Hotel Reservation System index.php sql injection — Free Hotel Reservation System | 7.3 | High | 2026-03-16 |
| CVE-2026-4236 | itsourcecode Online Enrollment System index.php sql injection — Online Enrollment System | 7.3 | High | 2026-03-16 |
| CVE-2026-4235 | itsourcecode Online Enrollment System login.php sql injection — Online Enrollment System | 7.3 | High | 2026-03-16 |
| CVE-2026-4234 | SSCMS DDL SitesAddController.Submit.cs sql injection — SSCMS | 6.3 | Medium | 2026-03-16 |
| CVE-2026-4232 | Tiandy Integrated Management Platform getAuthorityByUserId sql injection — Integrated Management Platform | 7.3 | High | 2026-03-16 |
| CVE-2026-4230 | vanna-ai vanna Endpoint __init__.py update_sql sql injection — vanna | 6.3 | Medium | 2026-03-16 |
| CVE-2026-4229 | vanna-ai vanna bigquery_vector.py remove_training_data sql injection — vanna | 7.3 | High | 2026-03-16 |
| CVE-2026-4223 | itsourcecode Payroll Management System manage_employee.php sql injection — Payroll Management System | 7.3 | High | 2026-03-16 |
| CVE-2026-4190 | JawherKl node-api-postgres user.js User.getAll sql injection — node-api-postgres | 7.3 | High | 2026-03-15 |
| CVE-2026-4189 | phpipam Section edit-result.php sql injection — phpipam | 4.7 | Medium | 2026-03-15 |
| CVE-2015-20120 | RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection — RealtyScript | 8.2 | High | 2026-03-15 |
| CVE-2015-20121 | RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters — RealtyScripts | 8.2 | High | 2026-03-15 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8837 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.