CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8845

8845 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-58316 | Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter — online-shopping-system-advanced | 7.5 | High | 2025-12-12 |
| CVE-2025-14578 | itsourcecode Student Management System update_account.php sql injection — Student Management System | 7.3 | High | 2025-12-12 |
| CVE-2025-14571 | projectworlds Advanced Library Management System borrow_book.php sql injection — Advanced Library Management System | 7.3 | High | 2025-12-12 |
| CVE-2025-14570 | projectworlds Advanced Library Management System view_admin.php sql injection — Advanced Library Management System | 7.3 | High | 2025-12-12 |
| CVE-2025-14568 | haxxorsid Stock-Management-System User.php sql injection — Stock-Management-System | 6.3 | Medium | 2025-12-12 |
| CVE-2025-14566 | kidaze CourseSelectionSystem reg.php sql injection — CourseSelectionSystem | 7.3 | High | 2025-12-12 |
| CVE-2025-14565 | kidaze CourseSelectionSystem login1.php sql injection — CourseSelectionSystem | 7.3 | High | 2025-12-12 |
| CVE-2025-14169 | FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection — FunnelKit – Funnel Builder for WooCommerce Checkout | 7.5 | High | 2025-12-12 |
| CVE-2025-14068 | WPNakama <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter — WPNakama – Team and multi-Client Collaboration, Editorial and Project Management | 7.5 | High | 2025-12-12 |
| CVE-2025-62192 | Japan Total System multiple products SQL injection vulnerability — GroupSession Free edition | 8.1 (AI) | High (AI) | 2025-12-12 |
| CVE-2024-58309 | xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php — xbtitFM | 9.8 (AI) | Critical (AI) | 2025-12-11 |
| CVE-2024-58308 | Quick.CMS 6.7 SQL Injection Authentication Bypass via Admin Login — Quick.CMS | 9.8 (AI) | Critical (AI) | 2025-12-11 |
| CVE-2024-58307 | CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint — CSZCMS | 8.1 (AI) | High (AI) | 2025-12-11 |
| CVE-2024-58301 | Purei CMS 1.0 SQL Injection via Multiple Vulnerable Endpoints — Purei CMS | 9.1 (AI) | Critical (AI) | 2025-12-11 |
| CVE-2024-58290 | Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint — Xhibiter NFT Marketplace | 9.1 (AI) | Critical (AI) | 2025-12-11 |
| CVE-2025-14537 | code-projects Class and Exam Timetable Management preview7.php sql injection — Class and Exam Timetable Management | 7.3 | High | 2025-12-11 |
| CVE-2025-14536 | code-projects Class and Exam Timetable Management Login index.php sql injection — Class and Exam Timetable Management | 7.3 | High | 2025-12-11 |
| CVE-2025-13214 | IBM Aspera Orchestrator SQL Injection — Aspera Orchestrator | 7.6 | High | 2025-12-11 |
| CVE-2025-14529 | Campcodes Retro Basketball Shoes Online Store admin_running.php sql injection — Retro Basketball Shoes Online Store | 7.3 | High | 2025-12-11 |
| CVE-2025-14527 | projectworlds Advanced Library Management System view_book.php sql injection — Advanced Library Management System | 7.3 | High | 2025-12-11 |
| CVE-2025-14515 | Campcodes Supplier Management System add_unit.php sql injection — Supplier Management System | 7.3 | High | 2025-12-11 |
| CVE-2025-14514 | Campcodes Supplier Management System add_distributor.php sql injection — Supplier Management System | 7.3 | High | 2025-12-11 |
| CVE-2025-10163 | List Category Posts <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode — List category posts | 6.5 | Medium | 2025-12-11 |
| CVE-2025-67644 | LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method — langgraph | 7.3 | High | 2025-12-10 |
| CVE-2025-65950 | WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups[] Parameter — WBCE_CMS | 8.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-67501 | WeGIA is vulnerable to SQL Injection via editar_categoria endpoint parameter — WeGIA | 8.8 (AI) | High (AI) | 2025-12-09 |
| CVE-2021-47708 | COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass — Smart Home IoT Control System | 9.8 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2021-47704 | OpenBMCS SQL Injection via obix_test.php — OpenBMCS | 6.5 (AI) | Medium (AI) | 2025-12-09 |
| CVE-2025-14337 | itsourcecode Student Management System new_grade.php sql injection — Student Management System | 7.3 | High | 2025-12-09 |
| CVE-2025-14336 | itsourcecode Student Management System promote.php sql injection — Student Management System | 7.3 | High | 2025-12-09 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8845 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.