Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CVEs (19,378)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-3486 1Angeljudesuarez 1College Management System Apr 29, 2026 Mar 3, 2026 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no leads to sql injection....Show more A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2026-26892 1Oretnom23 1Simple Logistic Hub Parcel's Management System Mar 11, 2026 Mar 3, 2026 N/A· v4 7.2 HIGH· v3 N/A· v2 Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php.
CVE-2026-26891 1Oretnom23 1Simple Logistic Hub Parcel's Management System Mar 4, 2026 Mar 3, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php.
CVE-2026-26889 1Oretnom23 1Pharmacy Point Of Sale System Mar 4, 2026 Mar 3, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php.
CVE-2026-26888 1Oretnom23 1Pharmacy Point Of Sale System Mar 4, 2026 Mar 3, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.
CVE-2026-26887 1Oretnom23 1Pharmacy Point Of Sale System Mar 4, 2026 Mar 3, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php.
CVE-2026-26890 1Oretnom23 1Pharmacy Point Of Sale System Mar 4, 2026 Mar 3, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php.
CVE-2021-35484 1Nokia 1Impact Mar 5, 2026 Mar 3, 2026 N/A· v4 8.2 HIGH· v3 N/A· v2 Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via...Show more Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.Show less
CVE-2026-26886 1Oretnom23 1Simple Online Men's Salon Management System Mar 4, 2026 Mar 3, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php.
CVE-2026-26885 1Oretnom23 1Simple Online Men's Salon Management System Mar 4, 2026 Mar 3, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service.
CVE-2026-26884 1Oretnom23 1Simple Online Men's Salon Management System Mar 4, 2026 Mar 3, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php.
CVE-2026-26883 1Oretnom23 1Simple Online Men's Salon Management System Mar 4, 2026 Mar 3, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment.
CVE-2025-70821 1Renren 1Renren Security Mar 5, 2026 Mar 3, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component
CVE-2026-1487 - - Apr 22, 2026 Mar 3, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on th...Show more The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute arbitrary SQL queries on the database that can be used to extract information via time-based techniques, drop tables, or modify data.Show less
CVE-2026-26713 1Carmelo 1Simple Food Order System Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php.
CVE-2026-26712 1Carmelo 1Simple Food Order System Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php.
CVE-2026-26711 1Carmelo 1Simple Food Order System Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.
CVE-2026-26710 1Carmelo 1Simple Food Order System Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.
CVE-2026-26709 1Carmelo 1Simple Gym Management System Mar 6, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php.
CVE-2025-48650 1Google 1Android Mar 6, 2026 Mar 2, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...Show more In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less

Previous 1...676869...969 Next