CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) — Vulnerability Class 8827

8827 vulnerabilities classified as CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3599	Riaxe Product Customizer <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data — Riaxe Product Customizer	7.5	High	2026-04-16
CVE-2025-63029	WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability — WCFM Marketplace	7.6	High	2026-04-15
CVE-2026-20061	Cisco Unity Connection SQL Injection Vulnerability — Cisco Unity Connection	4.3	Medium	2026-04-15
CVE-2026-40744	WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability — Beaver Builder	9.8	-	2026-04-15
CVE-2026-40745	WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability — Element Pack Elementor Addons	9.8	-	2026-04-15
CVE-2026-33714	Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2) — chamilo-lms	8.8	-	2026-04-14
CVE-2026-32176	SQL Server Elevation of Privilege Vulnerability — Microsoft SQL Server 2016 Service Pack 3 (GDR)	6.7	Medium	2026-04-14
CVE-2026-32167	SQL Server Elevation of Privilege Vulnerability — Microsoft SQL Server 2016 Service Pack 3 (GDR)	6.7	Medium	2026-04-14
CVE-2025-61848	Fortinet多款产品 SQL注入漏洞 — FortiManager	6.8	High	2026-04-14
CVE-2026-39815	Fortinet FortiDDoS-F 安全漏洞 — FortiDDoS-F	7.9	High	2026-04-14
CVE-2026-39809	Fortinet FortiClientEms 安全漏洞 — FortiClientEMS	6.2	Medium	2026-04-14
CVE-2026-40315	PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries — PraisonAI	8.1	-	2026-04-14
CVE-2026-4352	JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter — JetEngine	7.5	High	2026-04-14
CVE-2026-27681	SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse — SAP Business Planning and Consolidation and SAP Business Warehouse	9.9	Critical	2026-04-14
CVE-2026-32272	Craft Commerce: Blind SQL Injection via hasVariant/hasProduct — commerce	9.8	-	2026-04-13
CVE-2026-32271	Craft Commerce: SQL Injection can lead to Remote Code Execution via TotalRevenue Widget — commerce	8.8	-	2026-04-13
CVE-2026-6202	code-projects Easy Blog Site post.php sql injection — Easy Blog Site	6.3	Medium	2026-04-13
CVE-2026-6193	PHPGurukul Daily Expense Tracking System register.php sql injection — Daily Expense Tracking System	7.3	High	2026-04-13
CVE-2026-6191	itsourcecode Construction Management System equipments.php sql injection — Construction Management System	6.3	Medium	2026-04-13
CVE-2026-6190	itsourcecode Construction Management System employees.php sql injection — Construction Management System	6.3	Medium	2026-04-13
CVE-2026-6189	SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection — Pharmacy Sales and Inventory System	7.3	High	2026-04-13
CVE-2026-34186	SQL Injection in Custom Fields leads to Database Compromise — Pandora FMS	9.8	-	2026-04-13
CVE-2026-30813	SQL Injection in Module Search leads to Database Compromise — Pandora FMS	9.8	-	2026-04-13
CVE-2026-6188	SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection — Pharmacy Sales and Inventory System	7.3	High	2026-04-13
CVE-2026-6187	SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection — Pharmacy Sales and Inventory System	7.3	High	2026-04-13
CVE-2026-6183	code-projects Simple Content Management System index.php sql injection — Simple Content Management System	7.3	High	2026-04-13
CVE-2026-6182	code-projects Simple Content Management System login.php sql injection — Simple Content Management System	7.3	High	2026-04-13
CVE-2026-6167	code-projects Faculty Management System subject-print.php sql injection — Faculty Management System	7.3	High	2026-04-13
CVE-2026-6166	code-projects Vehicle Showroom Management System UpdateVehicleFunction.php sql injection — Vehicle Showroom Management System	7.3	High	2026-04-13
CVE-2026-6165	code-projects Vehicle Showroom Management System Login_check.php sql injection — Vehicle Showroom Management System	7.3	High	2026-04-13

Vulnerabilities classified as CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) represent 8827 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) — Vulnerability Class 8827