
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8838

8838 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-25493 | Homey BNB V4 SQL Injection via getrecord.php — Homey BNB (Airbnb Clone Script) | 8.2 | High | 2026-02-27 |
| CVE-2019-25492 | Homey BNB V4 SQL Injection via getcmsdata.php — Homey BNB (Airbnb Clone Script) | 8.2 | High | 2026-02-27 |
| CVE-2019-25491 | Homey BNB V4 SQL Injection via cms_getpagetitle.php — Homey BNB (Airbnb Clone Script) | 8.2 | High | 2026-02-27 |
| CVE-2019-25490 | Homey BNB V4 SQL Injection via admin edit.php — Homey BNB (Airbnb Clone Script) | 8.2 | High | 2026-02-27 |
| CVE-2019-25489 | Homey BNB V4 SQL Injection via ajax_refresh_subtotal — Homey BNB (Airbnb Clone Script) | 8.2 | High | 2026-02-27 |
| CVE-2025-15498 | SQL Injection in Pro3W CMS — Pro3W CMS | 9.8 | - | 2026-02-27 |
| CVE-2025-11252 | SQLi in Signum Technologies' windesk.fm — windesk.fm | 9.8 | Critical | 2026-02-27 |
| CVE-2025-11251 | SQLi in Dayneks Software's E-Commerce Platform — E-Commerce Platform | 9.8 | Critical | 2026-02-27 |
| CVE-2026-2831 | MailArchiver <= 4.5.0 - Authenticated (Admininistrator+) SQL Injection via 'logid' Parameter — MailArchiver | 4.9 | Medium | 2026-02-27 |
| CVE-2026-3292 | jizhiCMS Batch Model.php findAll sql injection — jizhiCMS | 6.3 | Medium | 2026-02-27 |
| CVE-2026-3287 | youlaitech youlai-mall App-side Product Pagination Endpoint SpuController.java listPagedSpuForApp sql injection — youlai-mall | 6.3 | Medium | 2026-02-27 |
| CVE-2026-28226 | Phishing Club has Authenticated Blind SQL Injection in GetOrphaned Recipient Listing — phishingclub | 6.5 | Medium | 2026-02-26 |
| CVE-2026-3261 | itsourcecode School Management System Setting index.php sql injection — School Management System | 7.3 | High | 2026-02-26 |
| CVE-2026-22206 | SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags — SPIP | 8.8 | High | 2026-02-26 |
| CVE-2026-27149 | Discourse has SQL injection in PM tag filtering — discourse | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-1198 | SQL Injection in SIMPLE.ERP — Simple.ERP | 8.8 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-28136 | WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability — WP SMS | 9.8 (AI) | Critical (AI) | 2026-02-26 |
| CVE-2026-26186 | Fleet has a SQL injection via backtick escape in ORDER BY parameter — fleet | 8.1 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-3200 | z-9527 admin user.js getUsers sql injection — admin | 7.3 | High | 2026-02-25 |
| CVE-2026-25746 | OpenEMR has SQL Injection Vulnerability — openemr | 8.8 | High | 2026-02-25 |
| CVE-2026-24908 | OpenEMR has SQL Injection in Patient API Sort Parameter — openemr | 10.0 | Critical | 2026-02-25 |
| CVE-2026-23627 | OpenEMR has SQL Injection in Immunization Search/Report — openemr | 8.8 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-25554 | OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass — OpenSIPS | 6.5 | Medium | 2026-02-25 |
| CVE-2026-27847 | Missing authentication in Linksys MR9600, Linksys MX4200 — MR9600 | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-3118 | Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin — Red Hat Developer Hub 1.8 | 6.5 | Medium | 2026-02-25 |
| CVE-2026-2416 | Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter — Geo Mashup | 7.5 | High | 2026-02-25 |
| CVE-2026-3164 | itsourcecode News Portal Project contactus.php sql injection — News Portal Project | 7.3 | High | 2026-02-25 |
| CVE-2026-3153 | itsourcecode Document Management System register.php sql injection — Document Management System | 7.3 | High | 2026-02-25 |
| CVE-2026-3152 | itsourcecode College Management System teacher-salary.php sql injection — College Management System | 7.3 | High | 2026-02-25 |
| CVE-2026-3151 | itsourcecode College Management System login.php sql injection — College Management System | 7.3 | High | 2026-02-25 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8838 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.