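CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8859

8859 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.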

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28443 | OpenReplay: SQL injection in cards/search via unvalidated sort field parameter — openreplay | 9.8 | - | 2026-03-05 |
| CVE-2026-29081 | Frappe: Possibility of SQL Injection due to improper fieldname sanitization — frappe | 6.5 | Medium | 2026-03-05 |
| CVE-2026-28284 | FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module — security-reporting | 8.8 | - | 2026-03-05 |
| CVE-2026-28210 | FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports — security-reporting | 8.8 | - | 2026-03-05 |
| CVE-2026-2893 | Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter — Fast Page & Post Duplicator | 6.5 | Medium | 2026-03-05 |
| CVE-2026-28115 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - SQL Injection vulnerability — WP Attractive Donations System - Easy Stripe & Paypal donations | 9.3 | Critical | 2026-03-05 |
| CVE-2026-27428 | WordPress Eagle Booking plugin <= 1.3.4.3 - SQL Injection vulnerability — Eagle Booking | 8.5 | High | 2026-03-05 |
| CVE-2026-27373 | WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability — Tablesome | 8.5 | High | 2026-03-05 |
| CVE-2025-69338 | WordPress Riode Core plugin <= 1.6.26 - SQL Injection vulnerability — Riode Core | 9.3 | Critical | 2026-03-05 |
| CVE-2026-3523 | Apocalypse Meow <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter — Apocalypse Meow | 4.9 | Medium | 2026-03-05 |
| CVE-2026-20003 | Cisco Secure Firewall Management Center SQL Injection Vulnerability — Cisco Secure Firewall Management Center (FMC) | 4.9 | Medium | 2026-03-04 |
| CVE-2026-20002 | Cisco Secure Firewall Management Center SQL Injection Vulnerability — Cisco Secure Firewall Management Center (FMC) | 8.1 | High | 2026-03-04 |
| CVE-2019-25507 | Ashop Shopping Cart Software Lastest SQL Injection via index.php — Ashop Shopping Cart Software | 8.2 | High | 2026-03-04 |
| CVE-2019-25506 | FreeSMS 2.1.2 Authentication Bypass via SQL Injection — FreeSMS | 8.2 | High | 2026-03-04 |
| CVE-2019-25505 | Tradebox 5.4 SQL Injection via symbol Parameter — Tradebox | 7.1 | High | 2026-03-04 |
| CVE-2019-25504 | NCrypted Jobgator Lastest SQL Injection via agents Find-Jobs — NCrypted Jobgator | 8.2 | High | 2026-03-04 |
| CVE-2019-25503 | PHPads 2.0 SQL Injection via click.php3 bannerID — PHPads | 7.1 | High | 2026-03-04 |
| CVE-2019-25501 | Simple Job Script SQL Injection via delete_application_ajax.php — Simple Job Script | 8.2 | High | 2026-03-04 |
| CVE-2019-25499 | Simple Job Script SQL Injection via get_job_applications_ajax.php — Simple Job Script | 8.2 | High | 2026-03-04 |
| CVE-2019-25500 | Simple Job Script SQL Injection via register-recruiters endpoint — Simple Job Script | 8.2 | High | 2026-03-04 |
| CVE-2019-25498 | Simple Job Script SQL Injection via searched Endpoint — Simple Job Script | 8.2 | High | 2026-03-04 |
| CVE-2026-20001 | Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities — Cisco Secure Firewall Management Center (FMC) | 6.5 | Medium | 2026-03-04 |
| CVE-2023-7337 | JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie — JS Help Desk – AI-Powered Support & Ticketing System | 7.5 | High | 2026-03-04 |
| CVE-2026-2363 | WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute — WP-Members Membership Plugin | 6.5 | Medium | 2026-03-04 |
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | 6.5 | Medium | 2026-03-04 |
| CVE-2026-3487 | itsourcecode College Management System class-result.php sql injection — College Management System | 4.7 | Medium | 2026-03-03 |
| CVE-2026-3486 | itsourcecode College Management System student-fee.php sql injection — College Management System | 4.7 | Medium | 2026-03-03 |
| CVE-2026-1487 | LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import — LatePoint – Calendar Booking Plugin for Appointments and Events | 6.5 | Medium | 2026-03-03 |
| CVE-2026-3180 | Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 7.5 | High | 2026-03-02 |
| CVE-2026-28399 | NocoDB: SQL Injection via DATEADD Formula — nocodb | 8.8 (AI) | High (AI) | 2026-03-02 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8859 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.