CWE-89 (Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)) — Vulnerability Class 8841

8841 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2058 | mathurvishal CloudClassroom-PHP-Project Post Query Details postquerypublic.php sql injection — CloudClassroom-PHP-Project | 7.3 | High | 2026-02-06 |
| CVE-2026-2057 | SourceCodester Medical Center Portal Management System login.php sql injection — Medical Center Portal Management System | 7.3 | High | 2026-02-06 |
| CVE-2026-2018 | itsourcecode School Management System controller.php sql injection — School Management System | 7.3 | High | 2026-02-06 |
| CVE-2026-2014 | itsourcecode Student Management System index.php sql injection — Student Management System | 7.3 | High | 2026-02-06 |
| CVE-2026-2013 | itsourcecode Student Management System index.php sql injection — Student Management System | 7.3 | High | 2026-02-06 |
| CVE-2026-2012 | itsourcecode Student Management System index.php sql injection — Student Management System | 7.3 | High | 2026-02-06 |
| CVE-2026-2011 | itsourcecode Student Management System controller.php sql injection — Student Management System | 7.3 | High | 2026-02-06 |
| CVE-2026-21643 | Fortinet FortiClientEMS SQL injection vulnerability — FortiClientEMS | 9.1 | Critical | 2026-02-06 |
| CVE-2025-15325 | Tanium addressed an improper input validation vulnerability in Discover. — Discover | 6.3 | Medium | 2026-02-05 |
| CVE-2020-37151 | phpMyChat Plus 1.98 'deluser.php' SQL Injection — phpMyChat Plus | 8.2 | High | 2026-02-05 |
| CVE-2025-13379 | A SQL Injection vulnerability has been addressed in IBM Aspera Console — Aspera Console | 8.6 | High | 2026-02-05 |
| CVE-2026-1517 | iomad Company Admin Block sql injection — iomad | 4.7 | Medium | 2026-02-05 |
| CVE-2025-13192 | Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | 8.2 | High | 2026-02-04 |
| CVE-2026-25513 | FacturaScripts has SQL Injection vulnerability in API ORDER BY Clause — facturascripts | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-69215 | OpenSTAManager has an SQL Injection in the Stampe Module — openstamanager | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-69213 | OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint) — openstamanager | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-22044 | GLPI is Vulnerable to Authenticated SQL Injection — glpi | 6.5 | Medium | 2026-02-04 |
| CVE-2025-5329 | SQLi in Martcode Software's Delta Course Automation — Delta Course Automation | 9.8 | Critical | 2026-02-04 |
| CVE-2026-0816 | All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter — All push notification for WP | 4.9 | Medium | 2026-02-04 |
| CVE-2026-1370 | SIBS - WooCommerce <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter — SIBS woocommerce payment gateway | 4.9 | Medium | 2026-02-04 |
| CVE-2025-15268 | Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass — Infility Global | 7.5 | High | 2026-02-04 |
| CVE-2020-37089 | School ERP Pro 1.0 - 'es_messagesid' SQL Injection — School ERP Pro | 8.2 | High | 2026-02-03 |
| CVE-2020-37083 | addressbook 9.0.0.1 - 'id' SQL Injection — PHP Address Book | 8.2 | High | 2026-02-03 |
| CVE-2020-37081 | Fishing Reservation System 7.5 - 'uid' SQL Injection — Fishing Reservation System | 7.1 | High | 2026-02-03 |
| CVE-2020-37076 | Victor CMS 1.0 - 'post' SQL Injection — CMSsite | 8.2 | High | 2026-02-03 |
| CVE-2019-25260 | OXID eShop 6.3.4 - 'sorting' SQL Injection — OXID eShop | 8.2 | High | 2026-02-03 |
| CVE-2026-25241 | PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint — pearweb | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-25240 | PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter — pearweb | 8.8 (AI) | High (AI) | 2026-02-03 |
| CVE-2026-25239 | PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename — pearweb | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-25238 | PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation — pearweb | 9.8 (AI) | Critical (AI) | 2026-02-03 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)) represent 8841 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.