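CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8857

8857 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.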

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1130 | Yonyou KSOA HTTP GET Parameter worksadd_plan.jsp sql injection — KSOA | 7.3 | High | 2026-01-19 |
| CVE-2026-1129 | Yonyou KSOA HTTP GET Parameter worksadd.jsp sql injection — KSOA | 7.3 | High | 2026-01-19 |
| CVE-2026-1124 | Yonyou KSOA HTTP GET Parameter work_report.jsp sql injection — KSOA | 7.3 | High | 2026-01-18 |
| CVE-2026-1123 | Yonyou KSOA HTTP GET Parameter work_mod.jsp sql injection — KSOA | 7.3 | High | 2026-01-18 |
| CVE-2026-1122 | Yonyou KSOA HTTP GET Parameter work_info.jsp sql injection — KSOA | 7.3 | High | 2026-01-18 |
| CVE-2026-1121 | Yonyou KSOA HTTP GET Parameter del_workplan.jsp sql injection — KSOA | 7.3 | High | 2026-01-18 |
| CVE-2026-1120 | Yonyou KSOA HTTP GET Parameter del_work.jsp sql injection — KSOA | 7.3 | High | 2026-01-18 |
| CVE-2026-1119 | itsourcecode Society Management System delete_activity.php sql injection — Society Management System | 7.3 | High | 2026-01-18 |
| CVE-2026-1118 | itsourcecode Society Management System add_activity.php sql injection — Society Management System | 6.3 | Medium | 2026-01-18 |
| CVE-2026-1105 | EasyCMS UserAction.class.php sql injection — EasyCMS | 7.3 | High | 2026-01-17 |
| CVE-2026-1059 | FeMiner wms chkuser.php sql injection — wms | 7.3 | High | 2026-01-17 |
| CVE-2026-1050 | risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection — Digital-Infrastructure | 7.3 | High | 2026-01-17 |
| CVE-2025-12984 | Advanced Ads – Ad Manager & AdSense <= 2.0.15 - Authenticated (Admin+) SQL Injection — Advanced Ads – Ad Manager & AdSense | 4.9 | Medium | 2026-01-17 |
| CVE-2026-23723 | WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter — WeGIA | 7.2 | High | 2026-01-16 |
| CVE-2025-61943 | AVEVA Process Optimization SQL Injection — Process Optimization | 8.4 | High | 2026-01-16 |
| CVE-2021-47811 | Grocery crud 1.6.4 - 'order_by' SQL Injection — Grocery crud | 9.1 | Critical | 2026-01-15 |
| CVE-2021-47801 | Vianeos OctoPUS 5 - 'login_user' SQLi — Vianeos OctoPUS | 8.2 | High | 2026-01-15 |
| CVE-2021-47782 | Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection — Odine Solutions GateKeeper | 8.2 | High | 2026-01-15 |
| CVE-2025-66417 | GLPI has an unauthenticated SQL injection through the inventory endpoint — glpi | 7.5 | High | 2026-01-15 |
| CVE-2021-47777 | Build Smart ERP 21.0817 - 'eidValue' SQL Injection (Unauthenticated) — Build Smart ERP | 8.2 | High | 2026-01-15 |
| CVE-2021-47766 | Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated) — Kmaleon | 7.1 | High | 2026-01-15 |
| CVE-2021-47763 | Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection — Aimeos Laravel ecommerce platform | 8.2 | High | 2026-01-15 |
| CVE-2025-12166 | Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters — Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | 7.5 | High | 2026-01-14 |
| CVE-2026-23492 | Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848 — pimcore | 8.8 | High | 2026-01-14 |
| CVE-2025-14770 | Shipping Rate By Cities <= 2.0.0 - Unauthenticated SQL Injection via 'city' Parameter — Shipping Rate By Cities | 7.5 | High | 2026-01-14 |
| CVE-2026-0678 | Shipping Rates by City for WooCommerce <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter — Shipping Rates by City for WooCommerce | 4.9 | Medium | 2026-01-14 |
| CVE-2023-54333 | Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter — Social-Share-Buttons | 8.2 | High | 2026-01-13 |
| CVE-2022-50894 | VIAVIWEB Wallpaper Admin 1.0 SQL Injection via edit_gallery_image.php — VIAVIWEB Wallpaper Admin | 6.5 | Medium | 2026-01-13 |
| CVE-2022-50892 | VIAVIWEB Wallpaper Admin 1.0 - SQL Injection via Login Page — VIAVIWEB Wallpaper Admin | 8.2 | High | 2026-01-13 |
| CVE-2023-54340 | WorkOrder CMS 0.1.0 - SQL Injection — WorkOrder CMS | 8.2 | High | 2026-01-13 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8857 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.