CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8861

8861 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2020-37151 | phpMyChat Plus 1.98 'deluser.php' SQL Injection — phpMyChat Plus | 8.2 | High | 2026-02-05 |
| CVE-2025-13379 | A SQL Injection vulnerability has been addressed in IBM Aspera Console — Aspera Console | 8.6 | High | 2026-02-05 |
| CVE-2026-1517 | iomad Company Admin Block sql injection — iomad | 4.7 | Medium | 2026-02-05 |
| CVE-2025-13192 | Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | 8.2 | High | 2026-02-04 |
| CVE-2026-25513 | FacturaScripts has SQL Injection vulnerability in API ORDER BY Clause — facturascripts | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-69215 | OpenSTAManager has an SQL Injection in the Stampe Module — openstamanager | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-69213 | OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint) — openstamanager | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-22044 | GLPI is Vulnerable to Authenticated SQL Injection — glpi | 6.5 | Medium | 2026-02-04 |
| CVE-2025-5329 | SQLi in Martcode Software's Delta Course Automation — Delta Course Automation | 9.8 | Critical | 2026-02-04 |
| CVE-2026-0816 | All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter — All push notification for WP | 4.9 | Medium | 2026-02-04 |
| CVE-2026-1370 | SIBS - WooCommerce <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter — SIBS woocommerce payment gateway | 4.9 | Medium | 2026-02-04 |
| CVE-2025-15268 | Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass — Infility Global | 7.5 | High | 2026-02-04 |
| CVE-2020-37089 | School ERP Pro 1.0 - 'es_messagesid' SQL Injection — School ERP Pro | 8.2 | High | 2026-02-03 |
| CVE-2020-37083 | addressbook 9.0.0.1 - 'id' SQL Injection — PHP Address Book | 8.2 | High | 2026-02-03 |
| CVE-2020-37081 | Fishing Reservation System 7.5 - 'uid' SQL Injection — Fishing Reservation System | 7.1 | High | 2026-02-03 |
| CVE-2020-37076 | Victor CMS 1.0 - 'post' SQL Injection — CMSsite | 8.2 | High | 2026-02-03 |
| CVE-2019-25260 | OXID eShop 6.3.4 - 'sorting' SQL Injection — OXID eShop | 8.2 | High | 2026-02-03 |
| CVE-2026-25241 | PEAR is Vulnerable to SQL Injection in `/get/<package>/<version>` Endpoint — pearweb | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-25240 | PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter — pearweb | 8.8 (AI) | High (AI) | 2026-02-03 |
| CVE-2026-25239 | PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename — pearweb | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-25238 | PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation — pearweb | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-25236 | PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution — pearweb | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-25234 | PEAR is Vulnerable to SQL Injection in Category Deletion — pearweb | 8.8 (AI) | High (AI) | 2026-02-03 |
| CVE-2020-37112 | GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection — GUnet OpenEclass | 7.1 | High | 2026-02-03 |
| CVE-2020-37108 | PhpIX 2012 Professional - 'id' SQL Injection — PhpIX 2012 Professional | 7.1 | High | 2026-02-03 |
| CVE-2020-37110 | 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability — 60CycleCMS | 8.2 | High | 2026-02-03 |
| CVE-2020-37105 | PMB 5.6 - 'logid' SQL Injection — PMB | 7.1 | High | 2026-02-03 |
| CVE-2026-1312 | Potential SQL injection via QuerySet.order_by and FilteredRelation — Django | 9.8 | - | 2026-02-03 |
| CVE-2026-1287 | Potential SQL injection in column aliases via control characters — Django | 9.8 | - | 2026-02-03 |
| CVE-2026-1207 | Potential SQL injection via raster lookups on PostGIS — Django | 9.8 | - | 2026-02-03 |

8861 CVEs are classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.