CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8815

8815 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5563 | AutohomeCorp frostmourne Alarm Preview previewData httpTest sql injection — frostmourne | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5560 | PHPGurukul Online Shopping Portal Project Parameter payment-method.php sql injection — Online Shopping Portal Project | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5558 | PHPGurukul PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection — PHPGurukul Online Shopping Portal Project | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5555 | code-projects Concert Ticket Reservation System Parameter login.php sql injection — Concert Ticket Reservation System | 7.3 | High | 2026-04-05 |
| CVE-2026-5554 | code-projects Concert Ticket Reservation System Parameter process_search.php sql injection — Concert Ticket Reservation System | 7.3 | High | 2026-04-05 |
| CVE-2026-5553 | itsourcecode Online Cellphone System Parameter available.php sql injection — Online Cellphone System | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5552 | PHPGurukul Online Shopping Portal Project Parameter sub-category.php sql injection — Online Shopping Portal Project | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5551 | itsourcecode Free Hotel Reservation System Parameter login.php sql injection — Free Hotel Reservation System | 7.3 | High | 2026-04-05 |
| CVE-2026-5543 | PHPGurukul User Registration & Login and User Management System yesterday-reg-users.php sql injection — User Registration & Login and User Management System | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5540 | code-projects Simple Laundry System Parameter modifymember.php sql injection — Simple Laundry System | 7.3 | High | 2026-04-05 |
| CVE-2026-5537 | halex CourseSEL HTTP GET Parameter IndexController.class.php check_sel sql injection — CourseSEL | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5534 | itsourcecode Online Enrollment System Parameter index.php sql injection — Online Enrollment System | 7.3 | High | 2026-04-05 |
| CVE-2026-34934 | PraisonAI: Second-Order SQL Injection in `get_all_user_threads` — PraisonAI | 9.8 | Critical | 2026-04-03 |
| CVE-2026-34612 | Kestra: Remote Code Execution via SQL Injection — kestra | 10.0 | Critical | 2026-04-03 |
| CVE-2026-34788 | Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters — emlog | 6.5 | Medium | 2026-04-03 |
| CVE-2026-27885 | Piwigo: SQL Injection in Activity.getList — Piwigo | 7.2 | High | 2026-04-03 |
| CVE-2026-27834 | Piwigo: SQL Injection in pwg.users.getList API Method via filter Parameter — Piwigo | 7.2 | High | 2026-04-03 |
| CVE-2026-27634 | Piwigo: Pre-auth SQL injection via date filter parameters in ws_std_image_sql_filter — Piwigo | 7.5 AI | High AI | 2026-04-03 |
| CVE-2026-25773 | Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix) — Focalboard | 8.1 | High | 2026-04-03 |
| CVE-2026-34825 | NocoBase Has SQL Injection via template variable substitution in workflow SQL node — nocobase | 8.8 AI | High AI | 2026-04-02 |
| CVE-2026-34717 | OpenProject: SQL Injection in Cost Reporting =n Operator via parse_number_string — openproject | 9.9 | Critical | 2026-04-02 |
| CVE-2026-5368 | projectworlds Car Rental Project Parameter login.php sql injection — Car Rental Project | 7.3 | High | 2026-04-02 |
| CVE-2026-35168 | OpenSTAManager: SQL Injection via Aggiornamenti Module — openstamanager | 8.8 | High | 2026-04-02 |
| CVE-2026-5334 | itsourcecode Online Enrollment System Parameter index.php sql injection — Online Enrollment System | 7.3 | High | 2026-04-02 |
| CVE-2026-28805 | OpenSTAManager: Time-Based Blind SQL Injection via `options[stato]` Parameter — openstamanager | 8.8 | High | 2026-04-02 |
| CVE-2026-5328 | shsuishang modulithshop ProductItemDao ProductIndexServiceImpl.java listItem sql injection — modulithshop | 6.3 | Medium | 2026-04-02 |
| CVE-2026-33616 | MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint — mbCONNECT24 | 7.5 | High | 2026-04-02 |
| CVE-2026-33615 | MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint — mbCONNECT24 | 9.1 | Critical | 2026-04-02 |
| CVE-2026-33614 | MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint — mbCONNECT24 | 7.5 | High | 2026-04-02 |
| CVE-2026-5322 | AlejandroArciniegas mcp-data-vis MCP server.js request sql injection — mcp-data-vis | 7.3 | High | 2026-04-02 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8815 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.