CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8838

8838 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-20001 | Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities — Cisco Secure Firewall Management Center (FMC) | 6.5 | Medium | 2026-03-04 |
| CVE-2023-7337 | JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie — JS Help Desk – AI-Powered Support & Ticketing System | 7.5 | High | 2026-03-04 |
| CVE-2026-2363 | WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute — WP-Members Membership Plugin | 6.5 | Medium | 2026-03-04 |
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | 6.5 | Medium | 2026-03-04 |
| CVE-2026-3487 | itsourcecode College Management System class-result.php sql injection — College Management System | 4.7 | Medium | 2026-03-03 |
| CVE-2026-3486 | itsourcecode College Management System student-fee.php sql injection — College Management System | 4.7 | Medium | 2026-03-03 |
| CVE-2026-1487 | LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import — LatePoint – Calendar Booking Plugin for Appointments and Events | 6.5 | Medium | 2026-03-03 |
| CVE-2026-3180 | Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 7.5 | High | 2026-03-02 |
| CVE-2026-28399 | NocoDB: SQL Injection via DATEADD Formula — nocodb | 8.8 (AI) | High (AI) | 2026-03-02 |
| CVE-2025-50192 | Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50191 | Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50190 | Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50189 | Chamilo: Error-based SQL Injection — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50188 | Error-based SQL Injection in Chamilo LMS — chamilo-lms | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-12462 | Blind SQL Injection in DobryCMS — DobryCMS | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-30062 | SQL injection in CheckUnitCodeAndKey.pl — CGM CLININET | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-10350 | SQL injection in CGM NETRAAD — CGM NETRAAD | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-2584 | SQL Injection in Ciser System SL firmware — CSIP firmware | 5.3 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-3413 | itsourcecode University Management System admin_single_student.php sql injection — University Management System | 7.3 | High | 2026-03-02 |
| CVE-2026-3411 | itsourcecode University Management System admin_single_student_update.php sql injection — University Management System | 7.3 | High | 2026-03-02 |
| CVE-2026-3410 | itsourcecode Society Management System check_studid.php sql injection — Society Management System | 7.3 | High | 2026-03-02 |
| CVE-2026-3406 | projectworlds Online Art Gallery Shop Registration registration.php sql injection — Online Art Gallery Shop | 7.3 | High | 2026-03-02 |
| CVE-2026-28562 | wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter — wpForo Forum | 8.2 | High | 2026-02-28 |
| CVE-2025-13673 | Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code — Tutor LMS – eLearning and online course solution | 7.5 | High | 2026-02-28 |
| CVE-2026-28516 | openDCIM <= 23.04 SQL Injection in Config::UpdateParameter — openDCIM | 8.8 | - | 2026-02-27 |
| CVE-2026-27832 | Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator — groupoffice | 8.8 | - | 2026-02-27 |
| CVE-2019-25497 | osCommerce 2.3.4.1 SQL Injection via currency Parameter — osCommerce | 8.2 | High | 2026-02-27 |
| CVE-2019-25496 | osCommerce 2.3.4.1 SQL Injection via products_id Parameter — osCommerce | 8.2 | High | 2026-02-27 |
| CVE-2019-25495 | osCommerce 2.3.4.1 SQL Injection via reviews_id Parameter — osCommerce | 8.2 | High | 2026-02-27 |
| CVE-2019-25494 | Homey BNB V4 SQL Injection Authentication Bypass via Admin Panel — Homey BNB (Airbnb Clone Script) | 8.2 | High | 2026-02-27 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8838 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.