
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8859

8859 vulnerabilities are classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). Each entry includes an AI-generated analysis in Chinese.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3956 | xierongwkhd weimai-wetapp Admin_AdminUserController.java getAdmins sql injection | weimai-wetapp | 4.7 | Medium | 2026-03-11 |
| CVE-2026-32234 | Parse Server has a SQL injection via query field name when using PostgreSQL | parse-server | 8.8 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-31896 | WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php | WeGIA | 9.8 | Critical | 2026-03-11 |
| CVE-2026-31895 | WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php | WeGIA | 8.8 | High | 2026-03-11 |
| CVE-2026-31877 | Frappe SQL Injection due to improper field sanitization | frappe | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2019-25486 | Varient 1.6.1 SQL Injection via user_id Parameter | Varient SQL Inj. | 8.2 | High | 2026-03-11 |
| CVE-2026-31871 | Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL | parse-server | 9.8 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-31858 | CraftCMS's `ElementSearchController` Affected by Blind SQL Injection | cms | 6.5 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-31856 | Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL | parse-server | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-31840 | Parse Server has a SQL injection via dot-notation field name in PostgreSQL | parse-server | 9.8 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-3496 | JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter | JetBooking | 7.5 | High | 2026-03-11 |
| CVE-2026-3944 | itsourcecode University Management System att_add.php sql injection | University Management System | 7.3 | High | 2026-03-11 |
| CVE-2024-14025 | Video Station | Video Station | 7.2 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-1708 | Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | 7.5 | High | 2026-03-11 |
| CVE-2026-31844 | Authenticated SQL Injection in Koha displayby parameter of suggestion.pl | Koha | 8.8 | High | 2026-03-11 |
| CVE-2026-3222 | WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter | WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters | 7.5 | High | 2026-03-11 |
| CVE-2026-2413 | Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path | Ally – Web Accessibility & Usability | 7.5 | High | 2026-03-11 |
| CVE-2026-31825 | Sylius has a DQL Injection via API Order Filters | Sylius | 5.3 | Medium | 2026-03-10 |
| CVE-2026-30951 | Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type | sequelize | 7.5 | High | 2026-03-10 |
| CVE-2026-29174 | Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting | commerce | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-29172 | Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting | commerce | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-26116 | SQL Server Elevation of Privilege Vulnerability | Microsoft SQL Server 2025 (CU 2) | 8.8 | High | 2026-03-10 |
| CVE-2025-49784 | Fortinet FortiAnalyzer and Fortinet FortiAnalyzer-BigData SQL Injection Vulnerability | FortiAnalyzer-BigData | 5.6 | Medium | 2026-03-10 |
| CVE-2026-30930 | Glances has SQL Injection via Process Names in TimescaleDB Export | glances | 9.8 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-3843 | SQL Injection in Nefteprodukttekhnika BUK TS-G Allows Remote Code Execution | BUK TS-G Gas Station Automation System | 9.8 | Critical | 2026-03-10 |
| CVE-2026-27684 | SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification) | SAP NetWeaver (Feedback Notification) | 6.4 | Medium | 2026-03-10 |
| CVE-2026-3818 | Tiandy Easy7 CMS Windows GetDBData.jsp sql injection | Easy7 CMS Windows | 7.3 | High | 2026-03-09 |
| CVE-2025-40639 | SQL injection in Eventobot | Eventobot | 9.8 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2026-3806 | SourceCodester/janobe Resort Reservation System room_rates.php sql injection | Resort Reservation System | 6.3 | Medium | 2026-03-09 |
| CVE-2026-3793 | SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection | Sales and Inventory System | 6.3 | Medium | 2026-03-09 |

Values marked (AI) carry the site's "AI" badge in the CVSS and Severity columns; the other values are shown without it.

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) account for 8859 CVEs. The CWE entry describes the weakness class; review each individual CVE for product-specific impact.