CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8841

8841 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-25236 | PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution — pearweb | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-25234 | PEAR is Vulnerable to SQL Injection in Category Deletion — pearweb | 8.8 (AI) | High (AI) | 2026-02-03 |
| CVE-2020-37112 | GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection — GUnet OpenEclass | 7.1 | High | 2026-02-03 |
| CVE-2020-37108 | PhpIX 2012 Professional - 'id' SQL Injection — PhpIX 2012 Professional | 7.1 | High | 2026-02-03 |
| CVE-2020-37110 | 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability — 60CycleCMS | 8.2 | High | 2026-02-03 |
| CVE-2020-37105 | PMB 5.6 - 'logid' SQL Injection — PMB | 7.1 | High | 2026-02-03 |
| CVE-2026-1312 | Potential SQL injection via QuerySet.order_by and FilteredRelation — Django | 9.8 | - | 2026-02-03 |
| CVE-2026-1287 | Potential SQL injection in column aliases via control characters — Django | 9.8 | - | 2026-02-03 |
| CVE-2026-1207 | Potential SQL injection via raster lookups on PostGIS — Django | 9.8 | - | 2026-02-03 |
| CVE-2025-5319 | SQLi in Emit Informatics' DIGITA Efficiency Management System — DIGITA Efficiency Management System | 9.8 | Critical | 2026-02-03 |
| CVE-2026-25022 | WordPress KiviCare plugin <= 3.6.16 - SQL Injection vulnerability — KiviCare | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-1432 | SQL injection (SQLi) on the Buroweb platform — Buroweb | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-10878 | Fikir Odalari AdminPando SQL injection vulnerability — Fikir Odalari AdminPando | 10.0 | Critical | 2026-02-03 |
| CVE-2025-8587 | Time-Based Blind SQLi in AKCE Software's SKSPro — SKSPro | 8.6 | High | 2026-02-02 |
| CVE-2026-1746 | JeecgBoot Online Report API loadDictItemByKeyword sql injection — JeecgBoot | 6.3 | Medium | 2026-02-02 |
| CVE-2021-47918 | Simple CMS 2.1 SQL Injection Vulnerability via Users Module — Simple CMS | 8.1 | High | 2026-02-01 |
| CVE-2021-47915 | PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter — PHP Melody | 8.1 | High | 2026-02-01 |
| CVE-2021-47909 | Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters — Digital Multivendor Marketplace Online Store | 8.1 | High | 2026-02-01 |
| CVE-2026-0683 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) SQL Injection via Number Field Filter — SupportCandy – Helpdesk & Customer Support Ticket System | 6.5 | Medium | 2026-01-31 |
| CVE-2020-37057 | Online-Exam-System 2015 - 'fid' SQL Injection — Online-Exam-System | 8.2 | High | 2026-01-30 |
| CVE-2020-37053 | Navigate CMS 2.8.7 - ''sidx' SQL Injection — Navigate CMS | 7.1 | High | 2026-01-30 |
| CVE-2020-37051 | Online-Exam-System 2015 - 'feedback' SQL Injection — Online-Exam-System | 8.2 | High | 2026-01-30 |
| CVE-2020-37035 | e-learning Php Script 0.1.0 - 'search' SQL Injection — e-learning PHP Script | 8.2 | High | 2026-01-30 |
| CVE-2020-37033 | Infor Storefront B2B 1.0 - 'usr_name' SQL Injection — Infor Storefront B2B | 8.2 | High | 2026-01-30 |
| CVE-2026-1701 | itsourcecode School Management System index.php sql injection — School Management System | 7.3 | High | 2026-01-30 |
| CVE-2026-1688 | itsourcecode Directory Management System index.php sql injection — Directory Management System | 7.3 | High | 2026-01-30 |
| CVE-2025-4686 | Time-Based Blind SQLi in Kodmatic Computer's Online Exam and Assessment — Online Exam and Assessment | 8.6 | High | 2026-01-30 |
| CVE-2026-24854 | Church CRM has SQL injection in PaddleNumEditor.php — CRM | 8.8 | High | 2026-01-30 |
| CVE-2026-1595 | itsourcecode Society Management System edit_student_query.php sql injection — Society Management System | 7.3 | High | 2026-01-29 |
| CVE-2025-7714 | Time Based SQLi in Global Medya's PHP CMS — Content Management System (CMS) | 7.5 | High | 2026-01-29 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8841 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.