CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8840

8840 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12812 | Cloud Suite and Privilege Access Service – SQL Injection — Cloud Suite and Privileged Access Service | 9.8 (AI) | Critical (AI) | 2026-02-18 |
| CVE-2026-27179 | MajorDoMo Unauthenticated SQL Injection in Commands Module — MajorDoMo | 8.2 | High | 2026-02-18 |
| CVE-2026-2663 | Alixhan xh-admin-backend Database Query query sql injection — xh-admin-backend | 6.3 | Medium | 2026-02-18 |
| CVE-2025-59920 | SQL injection in time@work from systems@work — time at work | 8.8 (AI) | High (AI) | 2026-02-18 |
| CVE-2026-1317 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | 6.5 | Medium | 2026-02-18 |
| CVE-2025-8781 | Bookster – WordPress Appointment Booking Plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' — Bookster – WordPress Appointment Booking Plugin | 4.9 | Medium | 2026-02-18 |
| CVE-2026-2495 | WPNakama <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter — WPNakama – Team and multi-Client Collaboration, Editorial and Project Management | 7.5 | High | 2026-02-18 |
| CVE-2026-1639 | Taskbuilder <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters — Taskbuilder – Project Management & Task Management Tool With Kanban Board | 6.5 | Medium | 2026-02-18 |
| CVE-2026-2576 | Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter — Business Directory Plugin – Easy Listing Directories for WordPress | 7.5 | High | 2026-02-18 |
| CVE-2026-2621 | Sciyon Koyuan Thermoelectricity Heat Network Management System AsyncTreeProxy.aspx sql injection — Koyuan Thermoelectricity Heat Network Management System | 7.3 | High | 2026-02-17 |
| CVE-2026-2620 | Huace Monitoring and Early Warning System ProjectRole.aspx sql injection — Monitoring and Early Warning System | 7.3 | High | 2026-02-17 |
| CVE-2025-7631 | Time-Based Blind SQLi in Tumeva Internet Technologies' Tumeva Prime News Software — Tumeva Prime News Software | 8.6 | High | 2026-02-17 |
| CVE-2026-2247 | SQL Injection in Clickedu's SaaS platform — SaaS platform | 8.8 (AI) | High (AI) | 2026-02-17 |
| CVE-2026-2553 | tushar-2223 Hotel-Management-System HTTP POST Request home.php sql injection — Hotel-Management-System | 6.3 | Medium | 2026-02-16 |
| CVE-2026-1258 | Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints — Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | 4.9 | Medium | 2026-02-14 |
| CVE-2026-2024 | PhotoStack Gallery <= 0.4.1 - Unauthenticated SQL Injection via 'postid' Parameter — PhotoStack Gallery | 7.5 | High | 2026-02-14 |
| CVE-2019-25335 | PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass — 7070 Hazır Profesyonel Web Sitesi | 7.5 | High | 2026-02-12 |
| CVE-2019-25325 | Thrive Smart Home 1.1 - 'Smart Home' Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') — Smart Home | 8.2 | High | 2026-02-12 |
| CVE-2019-25320 | elearning-script 1.0 - Authentication Bypass — elearning-script | 6.5 | Medium | 2026-02-12 |
| CVE-2019-25347 | thesystem App 1.0 - 'username' SQL Injection — thesystem | 7.5 | High | 2026-02-12 |
| CVE-2019-25346 | thesystem 1.0 - 'server_name' SQL Injection — thesystem | 7.5 | High | 2026-02-12 |
| CVE-2026-22821 | mreporting affected by a SQLI on date change — mreporting | 4.9 | Medium | 2026-02-12 |
| CVE-2025-10969 | SQLi in Farktor Software's E-Commerce Package — E-Commerce Package | 9.8 | Critical | 2026-02-12 |
| CVE-2025-13431 | SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter — SlimStat Analytics | 6.5 | Medium | 2026-02-11 |
| CVE-2026-25993 | EverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL Keys — evershop | 9.8 (AI) | Critical (AI) | 2026-02-10 |
| CVE-2026-25947 | Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation — worklenz | 8.8 | High | 2026-02-10 |
| CVE-2026-1602 | Ivanti Endpoint Manager SQL Injection Vulnerability — Endpoint Manager | 6.5 | Medium | 2026-02-10 |
| CVE-2025-7636 | SQLi in Ergosis Security Systems' ZEUS PDKS — ZEUS PDKS | 8.8 | High | 2026-02-10 |
| CVE-2026-2094 | Flowring\|Docpedia - SQL Injection — Docpedia | 8.8 | High | 2026-02-10 |
| CVE-2026-2093 | Flowring\|Docpedia - SQL Injection — Docpedia | 7.5 | High | 2026-02-10 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8840 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.