CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8827

8827 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5736 | PowerJob detailPlus Endpoint InstanceController.java sql injection — PowerJob | 7.3 | High | 2026-04-07 |
| CVE-2026-39319 | ChurchCRM has a Second Order SQLI via FundRaiserEditor.php — CRM | 8.8 | High | 2026-04-07 |
| CVE-2026-39343 | ChurchCRM has a SQL Injection in Event Type Editor (Admin) — CRM | 7.2 | High | 2026-04-07 |
| CVE-2026-39342 | ChurchCRM has a SQL injection searchwhat parameter via QueryView.php — CRM | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-39341 | SQL injection in ChurchCRM.0 — CRM | 8.1 | High | 2026-04-07 |
| CVE-2026-39340 | ChurchCRM has a SQL Injection in PropertyTypeEditor.php via Incorrect Sanitizer Substitution — CRM | 8.1 | High | 2026-04-07 |
| CVE-2026-39334 | ChurchCRM has a Blind SQL injection in SettingsIndividual.php — CRM | 8.8 | High | 2026-04-07 |
| CVE-2026-39330 | ChurchCRM has a Blind SQL injection in PropertyAssign.php — CRM | 8.8 | High | 2026-04-07 |
| CVE-2026-39329 | ChurchCRM has a Blind SQL injection in EventNames.php — CRM | 8.8 | High | 2026-04-07 |
| CVE-2026-39327 | ChurchCRM has a SQL injection in MemberRoleChange.php — CRM | 8.8 | High | 2026-04-07 |
| CVE-2026-39326 | ChurchCRM has a Blind SQL injection in PropertyTypeEditor.php — CRM | 8.8 | High | 2026-04-07 |
| CVE-2026-39325 | ChurchCRM has a Blind SQL injection in SettingsUser.php — CRM | 7.2 | High | 2026-04-07 |
| CVE-2026-39318 | ChurchCRM has a DDL SQL Injection in GroupPropsFormRowOps.php — CRM | 8.8 | High | 2026-04-07 |
| CVE-2026-23696 | Windmill < 1.603.3 File Ownership Handling SQLi RCE — Windmill CE (Community Edition) | 9.9 | Critical | 2026-04-07 |
| CVE-2026-35614 | Frappe has a SQL injection in bulk_update — frappe | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-5372 | runZero Platform SQL injection in saved queries — Platform | 6.4 | Medium | 2026-04-07 |
| CVE-2026-5719 | itsourcecode Construction Management System borrowedtool.php sql injection — Construction Management System | 6.3 | Medium | 2026-04-07 |
| CVE-2026-35395 | WeGIA has a SQL Injection in DespachoDAO.php via id_memorando parameter — WeGIA | 8.8 | High | 2026-04-06 |
| CVE-2026-35184 | EcclesiaCRM has a Critical SQL Injection — ecclesiacrm | 8.8 (AI) | High (AI) | 2026-04-06 |
| CVE-2026-5681 | itsourcecode sanitize or validate this input Parameter borrowedequip.php sql injection — sanitize or validate this input | 6.3 | Medium | 2026-04-06 |
| CVE-2026-5675 | itsourcecode Construction Management System Parameter borrowed_tool.php sql injection — Construction Management System | 6.3 | Medium | 2026-04-06 |
| CVE-2026-5672 | code-projects Simple IT Discussion Forum Parameter edit-category.php sql injection — Simple IT Discussion Forum | 7.3 | High | 2026-04-06 |
| CVE-2026-35470 | OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals — openstamanager | 8.8 | High | 2026-04-06 |
| CVE-2026-5669 | Cyber-III Student-Management-System Parameter login.php sql injection — Student-Management-System | 7.3 | High | 2026-04-06 |
| CVE-2026-5665 | code-projects Online FIR System Login checklogin.php sql injection — Online FIR System | 7.3 | High | 2026-04-06 |
| CVE-2026-34885 | WordPress Media LIbrary Assistant plugin <= 3.34 - SQL Injection vulnerability — Media LIbrary Assistant | 8.5 | High | 2026-04-06 |
| CVE-2026-29047 | GLPI has an Authenticated SQL Injection via log exports — glpi | 7.2 | High | 2026-04-06 |
| CVE-2026-26263 | GLPI has an Unauthenticated SQL Injection via Search engine — glpi | 8.1 | High | 2026-04-06 |
| CVE-2026-5660 | itsourcecode Construction Management System Parameter borrowed_equip.php sql injection — Construction Management System | 6.3 | Medium | 2026-04-06 |
| CVE-2026-5649 | code-projects Online Application System for Admission Endpoint admsnform.php sql injection — Online Application System for Admission | 6.3 | Medium | 2026-04-06 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8827 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.