CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8815

8815 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5018 | code-projects Simple Food Order System Parameter register-router.php sql injection — Simple Food Order System | 7.3 | High | 2026-03-28 |
| CVE-2026-5017 | code-projects Simple Food Order System Parameter all-tickets.php sql injection — Simple Food Order System | 7.3 | High | 2026-03-28 |
| CVE-2026-4996 | Sinaptik AI PandasAI pandasai-lancedb Extension lancedb.py get_relevant_docs_by_id sql injection — PandasAI | 7.3 | High | 2026-03-28 |
| CVE-2026-33991 | WeGIA has SQL Injection in deletar_tag.php — WeGIA | 8.8 | High | 2026-03-27 |
| CVE-2026-34386 | Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin — fleet | 6.5 | - | 2026-03-27 |
| CVE-2026-34385 | Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database — fleet | 8.8 | - | 2026-03-27 |
| CVE-2026-4970 | code-projects Social Networking Site Endpoint delete_photos.php sql injection — Social Networking Site | 6.3 | Medium | 2026-03-27 |
| CVE-2026-34374 | AVideo has SQL Injection in Live_schedule::keyExists() via Unparameterized Stream Key — AVideo | 9.1 | Critical | 2026-03-27 |
| CVE-2026-4966 | itsourcecode Free Hotel Reservation System index.php sql injection — Free Hotel Reservation System | 6.3 | Medium | 2026-03-27 |
| CVE-2026-33770 | AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables — AVideo | 9.8 | - | 2026-03-27 |
| CVE-2026-33767 | AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query — AVideo | 9.8 | - | 2026-03-27 |
| CVE-2026-4956 | Shenzhen Ruiming Technology Streamax Crocus Parameter DevicePrint.do sql injection — Streamax Crocus | 7.3 | High | 2026-03-27 |
| CVE-2026-4955 | Shenzhen Ruiming Technology Streamax Crocus OperateStatistic.do sql injection — Streamax Crocus | 7.3 | High | 2026-03-27 |
| CVE-2026-4954 | mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection — MCMS | 6.3 | Medium | 2026-03-27 |
| CVE-2026-33755 | Authenticated SQL Injection in Contact/query addressBookIds filter — groupoffice | 8.8 | High | 2026-03-27 |
| CVE-2026-24031 | Open-Xchange OX Dovecot Pro security vulnerability — OX Dovecot Pro | 7.7 | High | 2026-03-27 |
| CVE-2026-4910 | Shenzhen Ruiming Technology Streamax Crocus Endpoint RemoteFormat.do sql injection — Streamax Crocus | 7.3 | High | 2026-03-27 |
| CVE-2026-4908 | code-projects Simple Laundry System Parameter modstaffinfo.php sql injection — Simple Laundry System | 7.3 | High | 2026-03-27 |
| CVE-2026-33545 | MobSF has SQL Injection in its SQLite Database Viewer Utils — Mobile-Security-Framework-MobSF | 5.3 | Medium | 2026-03-26 |
| CVE-2026-33531 | InvenTree has Path Traversal In Report Templates — InvenTree | 4.9 | - | 2026-03-26 |
| CVE-2026-33153 | Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic — recipes | 6.5 | - | 2026-03-26 |
| CVE-2026-33505 | Ory Keto has a SQL injection via forged pagination tokens — keto | 7.2 | High | 2026-03-26 |
| CVE-2026-33504 | Ory Hydra has a SQL injection via forged pagination tokens — hydra | 7.2 | High | 2026-03-26 |
| CVE-2026-33503 | Ory Kratos has a SQL injection via forged pagination tokens — kratos | 7.2 | High | 2026-03-26 |
| CVE-2026-33468 | Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings — kysely | 8.1 | High | 2026-03-26 |
| CVE-2026-33442 | Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys. — kysely | 8.1 | High | 2026-03-26 |
| CVE-2026-2511 | JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter — JS Help Desk – AI-Powered Support & Ticketing System | 7.5 | High | 2026-03-26 |
| CVE-2026-4876 | itsourcecode Free Hotel Reservation System index.php sql injection — Free Hotel Reservation System | 6.3 | Medium | 2026-03-26 |
| CVE-2018-25209 | OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter — OpenBiz Cubi Lite | 8.2 | High | 2026-03-26 |
| CVE-2018-25208 | qdPM 9.1 SQL Injection via filter_by Parameters — qdPM | 8.2 | High | 2026-03-26 |

8815 CVEs are classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.