CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8832

8832 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34612 | Kestra: Remote Code Execution via SQL Injection — kestra | 10.0 | Critical | 2026-04-03 |
| CVE-2026-34788 | Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters — emlog | 6.5 | Medium | 2026-04-03 |
| CVE-2026-27885 | Piwigo: SQL Injection in Activity.getList — Piwigo | 7.2 | High | 2026-04-03 |
| CVE-2026-27834 | Piwigo: SQL Injection in pwg.users.getList API Method via filter Parameter — Piwigo | 7.2 | High | 2026-04-03 |
| CVE-2026-27634 | Piwigo: Pre-auth SQL injection via date filter parameters in ws_std_image_sql_filter — Piwigo | 7.5 (AI) | High (AI) | 2026-04-03 |
| CVE-2026-25773 | Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix) — Focalboard | 8.1 | High | 2026-04-03 |
| CVE-2026-34825 | NocoBase Has SQL Injection via template variable substitution in workflow SQL node — nocobase | 8.8 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34717 | OpenProject: SQL Injection in Cost Reporting =n Operator via parse_number_string — openproject | 9.9 | Critical | 2026-04-02 |
| CVE-2026-5368 | projectworlds Car Rental Project Parameter login.php sql injection — Car Rental Project | 7.3 | High | 2026-04-02 |
| CVE-2026-35168 | OpenSTAManager: SQL Injection via Aggiornamenti Module — openstamanager | 8.8 | High | 2026-04-02 |
| CVE-2026-5334 | itsourcecode Online Enrollment System Parameter index.php sql injection — Online Enrollment System | 7.3 | High | 2026-04-02 |
| CVE-2026-28805 | OpenSTAManager: Time-Based Blind SQL Injection via `options[stato]` Parameter — openstamanager | 8.8 | High | 2026-04-02 |
| CVE-2026-5328 | shsuishang modulithshop ProductItemDao ProductIndexServiceImpl.java listItem sql injection — modulithshop | 6.3 | Medium | 2026-04-02 |
| CVE-2026-33616 | MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint — mbCONNECT24 | 7.5 | High | 2026-04-02 |
| CVE-2026-33615 | MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint — mbCONNECT24 | 9.1 | Critical | 2026-04-02 |
| CVE-2026-33614 | MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint — mbCONNECT24 | 7.5 | High | 2026-04-02 |
| CVE-2026-5322 | AlejandroArciniegas mcp-data-vis MCP server.js request sql injection — mcp-data-vis | 7.3 | High | 2026-04-02 |
| CVE-2026-34455 | Hi.Events: SQL Injection via Unvalidated sort_by Query Parameter in Multiple Repository Classes — Hi.Events | 9.8 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-34747 | Payload has an SQL Injection via Query Handling — payload | 8.5 | High | 2026-04-01 |
| CVE-2026-21630 | Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint — Joomla! CMS | 9.8 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-5257 | code-projects Simple Laundry System Parameter delstaffinfo.php sql injection — Simple Laundry System | 7.3 | High | 2026-04-01 |
| CVE-2026-5256 | code-projects Simple Laundry System Parameter modify.php sql injection — Simple Laundry System | 7.3 | High | 2026-04-01 |
| CVE-2025-13855 | IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint. — Storage Protect Server | 7.6 | High | 2026-04-01 |
| CVE-2026-5238 | itsourcecode Payroll Management System Parameter view_employee.php sql injection — Payroll Management System | 7.3 | High | 2026-03-31 |
| CVE-2026-4668 | Amelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter — Booking for Appointments and Events Calendar – Amelia | 6.5 | Medium | 2026-03-31 |
| CVE-2026-5237 | itsourcecode Payroll Management System Parameter manage_user.php sql injection — Payroll Management System | 7.3 | High | 2026-03-31 |
| CVE-2026-34400 | alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API — alerta | 9.8 | - | 2026-03-31 |
| CVE-2026-5206 | code-projects Simple Gym Management System Payment sql injection — Simple Gym Management System | 6.3 | Medium | 2026-03-31 |
| CVE-2026-34220 | MikroORM is vulnerable to SQL Injection via specially crafted object — mikro-orm | 9.8 (AI) | Critical (AI) | 2026-03-31 |
| CVE-2026-5198 | code-projects Student Membership System Admin Login index.php sql injection — Student Membership System | 7.3 | High | 2026-03-31 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8832 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.