CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) — Vulnerability Class 8858

8858 vulnerabilities classified as CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3705	code-projects Simple Flight Ticket Booking System Adminsearch.php sql injection — Simple Flight Ticket Booking System	7.3	High	2026-03-08
CVE-2026-3672	JeecgBoot getDictItems isExistSqlInjectKeyword sql injection — JeecgBoot	6.3	Medium	2026-03-07
CVE-2026-30860	WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool — WeKnora	10.0	Critical	2026-03-07
CVE-2026-2429	Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field — Community Events	4.9	Medium	2026-03-07
CVE-2025-14353	ZIP Code Based Content Protection <= 1.0.2 - Unauthenticated SQL Injection via 'zipcode' Parameter — ZIP Code Based Content Protection	7.5	High	2026-03-07
CVE-2018-25199	OOP CMS BLOG 1.0 SQL Injection via search parameter — OOP CMS BLOG	8.2	High	2026-03-06
CVE-2018-25197	PlayJoom 0.10.1 SQL Injection via catid Parameter — PlayJoom	8.2	High	2026-03-06
CVE-2018-25196	ServerZilla 1.0 SQL Injection via email Parameter — ServerZilla	8.2	High	2026-03-06
CVE-2018-25192	GPS Tracking System 2.12 SQL Injection via username Parameter — GPS Tracking System	8.2	High	2026-03-06
CVE-2018-25191	Facturation System 1.0 SQL Injection via editar_producto.php — Facturation System	7.1	High	2026-03-06
CVE-2018-25189	Data Center Audit 2.6.2 SQL Injection via username Parameter — Data Center Audit	8.2	High	2026-03-06
CVE-2018-25188	Webiness Inventory 2.3 SQL Injection via WsModelGrid.php — Webiness Inventory	8.2	High	2026-03-06
CVE-2018-25187	Tina4 Stack 1.0.3 SQL Injection and Database File Download — Tina4 Stack	8.2	High	2026-03-06
CVE-2018-25182	Silurus Classifieds Script 2.0 SQL Injection via wcategory.php — Silurus Classifieds Script	8.2	High	2026-03-06
CVE-2018-25180	Maitra 1.7.2 SQL Injection and Database File Download — Maitra	7.1	High	2026-03-06
CVE-2018-25179	Gumbo CMS 0.99 SQL Injection via settings endpoint — Gumbo CMS	8.2	High	2026-03-06
CVE-2018-25175	Alienor Web Libre 2.0 SQL Injection via index.php — Alienor Web Libre	8.2	High	2026-03-06
CVE-2018-25173	Rmedia SMS 1.0 SQL Injection via editgrp.php — Rmedia SMS	8.2	High	2026-03-06
CVE-2018-25172	Pedidos 1.0 SQL Injection via load_proveedores.php — Pedidos	8.2	High	2026-03-06
CVE-2018-25167	Net-Billetterie 2.9 SQL Injection via login.inc.php — Billetterie	8.2	High	2026-03-06
CVE-2018-25166	Meneame English Pligg 5.8 SQL Injection via search Parameter — Meneame English Pligg	8.2	High	2026-03-06
CVE-2018-25165	Galaxy Forces MMORPG 0.5.8 SQL Injection via ads.php — Galaxy Forces MMORPG	7.1	High	2026-03-06
CVE-2018-25163	BitZoom 1.0 SQL Injection via rollno Parameter — BitZoom	8.2	High	2026-03-06
CVE-2018-25161	Warranty Tracking System 11.06.3 SQL Injection via SearchCustomer.php — Warranty Tracking System	8.2	High	2026-03-06
CVE-2026-28438	CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements — cocoindex	8.8	-	2026-03-06
CVE-2026-28785	Ghostfolio: Time-Based Blind SQL Injection in Manual Asset Import — ghostfolio	8.8	-	2026-03-06
CVE-2026-27005	Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables) — chartbrew	9.1	-	2026-03-06
CVE-2026-28501	WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php — AVideo	9.8	Critical	2026-03-06
CVE-2026-3616	DefaultFuction Jeson Customer Relationship Management System edit.php sql injection — Jeson Customer Relationship Management System	6.3	Medium	2026-03-06
CVE-2026-28443	OpenReplay: SQL injection in cards/search via unvalidated sort field parameter — openreplay	9.8	-	2026-03-05

Vulnerabilities classified as CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) represent 8858 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-89 (SQL命令中使用的特殊元素转义处理不恰当(SQL注入)) — Vulnerability Class 8858