
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8868

8868 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-10396 | SourceCodester Pet Grooming Management Software edit_role.php sql injection — Pet Grooming Management Software | 7.3 | High | 2025-09-14 |
| CVE-2025-10387 | codesiddhant Jasmin Ransomware handshake.php sql injection — Jasmin Ransomware | 6.3 | Medium | 2025-09-14 |
| CVE-2025-27240 | Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host — Zabbix | 7.2 | - | 2025-09-12 |
| CVE-2025-10266 | NewType Infortech\|NUP Portal - SQL Injection — NUP Portal | 9.8 | Critical | 2025-09-12 |
| CVE-2025-9807 | The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection — The Events Calendar | 7.5 | High | 2025-09-12 |
| CVE-2025-10251 | FoxCMS Images.php batchCope sql injection — FoxCMS | 6.3 | Medium | 2025-09-11 |
| CVE-2025-40692 | SQL injection in PHPGurukul Online Fire Reporting System — Online Fire Reporting System | 9.8 (AI) | Critical (AI) | 2025-09-11 |
| CVE-2025-40691 | SQL injection in PHPGurukul Online Fire Reporting System — Online Fire Reporting System | 9.8 (AI) | Critical (AI) | 2025-09-11 |
| CVE-2025-40690 | SQL injection in PHPGurukul Online Fire Reporting System — Online Fire Reporting System | 9.8 (AI) | Critical (AI) | 2025-09-11 |
| CVE-2025-40689 | SQL injection in PHPGurukul Online Fire Reporting System — Online Fire Reporting System | 9.8 (AI) | Critical (AI) | 2025-09-11 |
| CVE-2025-40687 | SQL injection in PHPGurukul Online Fire Reporting System — Online Fire Reporting System | 9.8 (AI) | Critical (AI) | 2025-09-11 |
| CVE-2025-9451 | Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter — Smartcat Translator for WPML | 6.5 | Medium | 2025-09-11 |
| CVE-2025-8692 | Coupon API <= 6.2.12 - Authenticated (Administrator+) SQL Injection via 'log_duration' — Coupon API | 4.9 | Medium | 2025-09-11 |
| CVE-2025-9073 | All in one Minifier <= 3.2 - Unauthenticated SQL Injection — All in one Minifier | 7.5 | High | 2025-09-11 |
| CVE-2025-9776 | CatFolders – Tame Your WordPress Media Library by Category <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import — CatFolders – WordPress Media Library Folders & Categories | 6.5 | Medium | 2025-09-11 |
| CVE-2025-10218 | lostvip-com ruoyi-go Background Management SysRoleDao.go SelectListPage sql injection — ruoyi-go | 6.3 | Medium | 2025-09-10 |
| CVE-2025-10210 | yanyutao0402 ChanCMS Api.js search sql injection — ChanCMS | 6.3 | Medium | 2025-09-10 |
| CVE-2025-9943 | Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider — Service Provider | 9.1 (AI) | Critical (AI) | 2025-09-10 |
| CVE-2025-10142 | PagBank / PagSeguro Connect para WooCommerce <= 4.44.3 - Authenticated (Shop Manager+) SQL Injection — PagBank / PagSeguro Connect para WooCommerce | 4.9 | Medium | 2025-09-10 |
| CVE-2025-7826 | Testimonial <= 2.3 - Authenticated (Contributor+) SQL Injection — Testimonial | 6.5 | Medium | 2025-09-10 |
| CVE-2025-6189 | Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter — Duplicate Page and Post | 6.5 | Medium | 2025-09-10 |
| CVE-2025-9463 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter — PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | 6.5 | Medium | 2025-09-10 |
| CVE-2025-10197 | HJSoft HCM Human Resources Management System downlawbase sql injection — HCM Human Resources Management System | 6.3 | Medium | 2025-09-10 |
| CVE-2025-58448 | rAthena has SQL Injection in PartyBooking component via `WorldName` parameter. — rathena | 9.1 | Critical | 2025-09-09 |
| CVE-2025-58462 | OPEXUS FOIAXpress PAL SQL injection — FOIAXpress Public Access Link (PAL) | 9.8 | Critical | 2025-09-09 |
| CVE-2025-58993 | WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability — Tutor LMS | 7.6 | High | 2025-09-09 |
| CVE-2025-47569 | WordPress WooCommerce Ultimate Gift Card plugin <= 2.9.6 - SQL Injection vulnerability — WooCommerce Ultimate Gift Card | 9.3 | Critical | 2025-09-09 |
| CVE-2025-59008 | WordPress ZIP Code Based Content Protection plugin <= 1.0.0 - SQL Injection vulnerability — ZIP Code Based Content Protection | 7.6 | High | 2025-09-09 |
| CVE-2025-10095 | SQL injection in SMPP component of SMSEagle firmware — SMSEagle | 9.8 (AI) | Critical (AI) | 2025-09-09 |
| CVE-2025-10122 | Maccms10 Database.php rep sql injection — Maccms10 | 4.7 | Medium | 2025-09-09 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8868 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.