CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8859

8859 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3292 | jizhiCMS Batch Model.php findAll sql injection — jizhiCMS | 6.3 | Medium | 2026-02-27 |
| CVE-2026-3287 | youlaitech youlai-mall App-side Product Pagination Endpoint SpuController.java listPagedSpuForApp sql injection — youlai-mall | 6.3 | Medium | 2026-02-27 |
| CVE-2026-28226 | Phishing Club has Authenticated Blind SQL Injection in GetOrphaned Recipient Listing — phishingclub | 6.5 | Medium | 2026-02-26 |
| CVE-2026-3261 | itsourcecode School Management System Setting index.php sql injection — School Management System | 7.3 | High | 2026-02-26 |
| CVE-2026-22206 | SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags — SPIP | 8.8 | High | 2026-02-26 |
| CVE-2026-27149 | Discourse has SQL injection in PM tag filtering — discourse | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-1198 | SQL Injection in SIMPLE.ERP — Simple.ERP | 8.8 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-28136 | WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability — WP SMS | 7.6 | High | 2026-02-26 |
| CVE-2026-26186 | Fleet has a SQL injection via backtick escape in ORDER BY parameter — fleet | 8.1 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-3200 | z-9527 admin user.js getUsers sql injection — admin | 7.3 | High | 2026-02-25 |
| CVE-2026-25746 | OpenEMR has SQL Injection Vulnerability — openemr | 8.8 | High | 2026-02-25 |
| CVE-2026-24908 | OpenEMR has SQL Injection in Patient API Sort Parameter — openemr | 10.0 | Critical | 2026-02-25 |
| CVE-2026-23627 | OpenEMR has SQL Injection in Immunization Search/Report — openemr | 8.8 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-25554 | OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass — OpenSIPS | 6.5 | Medium | 2026-02-25 |
| CVE-2026-27847 | Missing authentication in Linksys MR9600, Linksys MX4200 — MR9600 | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-3118 | Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin — Red Hat Developer Hub 1.8 | 6.5 | Medium | 2026-02-25 |
| CVE-2026-2416 | Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter — Geo Mashup | 7.5 | High | 2026-02-25 |
| CVE-2026-3164 | itsourcecode News Portal Project contactus.php sql injection — News Portal Project | 7.3 | High | 2026-02-25 |
| CVE-2026-3153 | itsourcecode Document Management System register.php sql injection — Document Management System | 7.3 | High | 2026-02-25 |
| CVE-2026-3152 | itsourcecode College Management System teacher-salary.php sql injection — College Management System | 7.3 | High | 2026-02-25 |
| CVE-2026-3151 | itsourcecode College Management System login.php sql injection — College Management System | 7.3 | High | 2026-02-25 |
| CVE-2026-3150 | itsourcecode College Management System display-teacher.php sql injection — College Management System | 6.3 | Medium | 2026-02-25 |
| CVE-2026-3149 | itsourcecode College Management System asign-single-student-subjects.php sql injection — College Management System | 6.3 | Medium | 2026-02-25 |
| CVE-2026-3148 | SourceCodester Simple and Nice Shopping Cart Script signup.php sql injection — Simple and Nice Shopping Cart Script | 7.3 | High | 2026-02-25 |
| CVE-2026-27743 | SPIP referer_spam <= 1.2.1 Unauthenticated SQL Injection — referer_spam | 9.8 | Critical | 2026-02-25 |
| CVE-2026-27747 | SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection — interface_traduction_objets | 8.8 | High | 2026-02-25 |
| CVE-2026-3135 | itsourcecode News Portal Project add-category.php sql injection — News Portal Project | 7.3 | High | 2026-02-25 |
| CVE-2026-3134 | itsourcecode News Portal Project edit-category.php sql injection — News Portal Project | 7.3 | High | 2026-02-24 |
| CVE-2026-3133 | itsourcecode Document Management System Login loging.php sql injection — Document Management System | 7.3 | High | 2026-02-24 |
| CVE-2026-21410 | InSAT MasterSCADA BUK-TS SQL Injection — MasterSCADA BUK-TS | 9.8 | Critical | 2026-02-24 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8859 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.