CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) — Vulnerability Class 8824

8824 vulnerabilities classified as CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-35588	Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values — glances	6.3	Medium	2026-04-20
CVE-2025-66335	Apache Doris MCP Server: MCP SQL inject — Apache Doris MCP Server	9.8^AI	Critical^AI	2026-04-20
CVE-2026-6629	Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection — MetaCRM	7.3	High	2026-04-20
CVE-2026-6628	phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection — Ecclesia CRM	6.3	Medium	2026-04-20
CVE-2026-5964	Digiwin｜EasyFlow .NET - SQL Injection — EasyFlow .NET	9.8	Critical	2026-04-20
CVE-2026-5963	Digiwin｜EasyFlow .NET - SQL Injection — EasyFlow .NET	9.8	Critical	2026-04-20
CVE-2026-6595	ProjectsAndPrograms School Management System HTTP GET Parameter buslocation.php sql injection — School Management System	7.3	High	2026-04-20
CVE-2026-6562	dameng100 muucmf index.html getListByPage sql injection — muucmf	7.3	High	2026-04-19
CVE-2026-40482	ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}` — CRM	8.8^AI	High^AI	2026-04-17
CVE-2026-40285	WeGIA has SQL Injection via Session Variable Override in DespachoControle.php — WeGIA	8.8	High	2026-04-17
CVE-2026-6490	QueryMine sms GET Request Parameter deletecourse.php sql injection — sms	7.3	High	2026-04-17
CVE-2026-6488	QueryMine sms GET Request Parameter editcourse.php sql injection — sms	6.3	Medium	2026-04-17
CVE-2025-15625	Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server — Sparx Pro Cloud Server	9.8^AI	Critical^AI	2026-04-17
CVE-2026-34018	CubeCart 安全漏洞 — CubeCart	9.8^AI	Critical^AI	2026-04-17
CVE-2026-6080	Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter — Tutor LMS – eLearning and online course solution	6.5	Medium	2026-04-17
CVE-2026-3330	Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder	4.9	Medium	2026-04-17
CVE-2026-4817	MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters — MasterStudy LMS WordPress Plugin – for Online Courses and Education	6.5	Medium	2026-04-17
CVE-2026-40900	DataEase has SQL Injection via Stacked Queries — dataease	8.8^AI	High^AI	2026-04-16
CVE-2026-33207	DataEase SQL Injection Vulnerability — dataease	9.8^AI	Critical^AI	2026-04-16
CVE-2026-33122	DataEase has SQL Injection via Datasource Management — dataease	8.8^AI	High^AI	2026-04-16
CVE-2026-33121	DataEase has SQL Injection via Datasource Save Flow — dataease	8.1^AI	High^AI	2026-04-16
CVE-2026-33084	DataEase has SQL Injection through its getFieldEnumObj Endpoint — dataease	7.5^AI	High^AI	2026-04-16
CVE-2026-33083	DataEase has SQL Injection in Order By Clause — dataease	8.8^AI	High^AI	2026-04-16
CVE-2026-33082	DataEase: SQL Injection in v2 Dataset Export — dataease	9.8^AI	Critical^AI	2026-04-16
CVE-2026-5785	SQL Injection — ManageEngine PAM360	8.1	High	2026-04-16
CVE-2026-3489	DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages' — DirectoryPress – Business Directory And Classified Ad Listing	7.5	High	2026-04-16
CVE-2026-3773	Accessibility Suite by Ability, Inc <= 4.20 - Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter — Accessibility Suite by Ability, Inc	6.5	Medium	2026-04-16
CVE-2026-3599	Riaxe Product Customizer <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data — Riaxe Product Customizer	7.5	High	2026-04-16
CVE-2025-63029	WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability — WCFM Marketplace	7.6	High	2026-04-15
CVE-2026-20061	Cisco Unity Connection SQL Injection Vulnerability — Cisco Unity Connection	4.3	Medium	2026-04-15

Vulnerabilities classified as CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) represent 8824 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) — Vulnerability Class 8824