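CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8838

8838 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.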

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2019-25479 | Inout RealEstate Lastest SQL Injection via agentlistdetails — Inout RealEstate | 8.2 | High | 2026-03-12 |
| CVE-2019-25473 | Clinic Pro SQL Injection via monthly_expense_overview month Parameter — Clinic Pro | 7.1 | High | 2026-03-12 |
| CVE-2026-4014 | itsourcecode Cafe Reservation System Registration signup.php sql injection — Cafe Reservation System | 7.3 | High | 2026-03-12 |
| CVE-2026-3981 | itsourcecode Online Doctor Appointment System doctor_action.php sql injection — Online Doctor Appointment System | 7.3 | High | 2026-03-12 |
| CVE-2026-3980 | itsourcecode Online Doctor Appointment System patient_action.php sql injection — Online Doctor Appointment System | 7.3 | High | 2026-03-12 |
| CVE-2026-3657 | My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action — My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) | 7.5 | High | 2026-03-12 |
| CVE-2026-3969 | FeMiner wms Basic Organizational Structure depart_add_bg.php sql injection — wms | 7.3 | High | 2026-03-12 |
| CVE-2026-3957 | xierongwkhd weimai-wetapp Endpoint HomeController.java getLikeMovieList sql injection — weimai-wetapp | 4.7 | Medium | 2026-03-11 |
| CVE-2026-32127 | SQL Injection Vulnerability in ajax graphs library (OpenEMR) — openemr | 8.8 | High | 2026-03-11 |
| CVE-2026-3956 | xierongwkhd weimai-wetapp Admin_AdminUserController.java getAdmins sql injection — weimai-wetapp | 4.7 | Medium | 2026-03-11 |
| CVE-2026-32234 | Parse Server has a SQL injection via query field name when using PostgreSQL — parse-server | 8.8 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-31896 | WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php — WeGIA | 9.8 | Critical | 2026-03-11 |
| CVE-2026-31895 | WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php — WeGIA | 8.8 | High | 2026-03-11 |
| CVE-2026-31877 | Frappe SQL Injection due to improper field sanitization — frappe | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2019-25486 | Varient 1.6.1 SQL Injection via user_id Parameter — Varient SQL Inj. | 8.2 | High | 2026-03-11 |
| CVE-2026-31871 | Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL — parse-server | 9.8 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-31858 | CraftCMS's `ElementSearchController` Affected by Blind SQL Injection — cms | 6.5 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-31856 | Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL — parse-server | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-31840 | Parse Server has a SQL injection via dot-notation field name in PostgreSQL — parse-server | 9.8 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-3496 | JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter — JetBooking | 7.5 | High | 2026-03-11 |
| CVE-2026-3944 | itsourcecode University Management System att_add.php sql injection — University Management System | 7.3 | High | 2026-03-11 |
| CVE-2024-14025 | Video Station — Video Station | 7.2 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-1708 | Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter — Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | 7.5 | High | 2026-03-11 |
| CVE-2026-31844 | Authenticated SQL Injection in Koha displayby parameter of suggestion.pl — Koha | 8.8 | High | 2026-03-11 |
| CVE-2026-3222 | WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter — WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | 7.5 | High | 2026-03-11 |
| CVE-2026-2413 | Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path — Ally – Web Accessibility & Usability | 7.5 | High | 2026-03-11 |
| CVE-2026-31825 | Sylius has a DQL Injection via API Order Filters — Sylius | 5.3 | Medium | 2026-03-10 |
| CVE-2026-30951 | Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type — sequelize | 7.5 | High | 2026-03-10 |
| CVE-2026-29174 | Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting — commerce | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-29172 | Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting — commerce | 8.8 (AI) | High (AI) | 2026-03-10 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8838 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.