Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CVEs (19,418)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-62392 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62391 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62390 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62389 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62388 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62387 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62386 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62385 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62384 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62383 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62360 1Wegia 1Wegia Oct 20, 2025 Oct 13, 2025 9.4 CRITICAL· v4 8.8 HIGH· v3 N/A· v2 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, spec...Show more WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.Show less
CVE-2025-62179 1Wegia 1Wegia Oct 20, 2025 Oct 13, 2025 8.6 HIGH· v4 8.8 HIGH· v3 N/A· v2 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente....Show more WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.Show less
CVE-2025-62177 1Wegia 1Wegia Oct 20, 2025 Oct 13, 2025 8.6 HIGH· v4 8.8 HIGH· v3 N/A· v2 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar.php endpoint, specif...Show more WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.Show less
CVE-2025-11623 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-6919 - - Jun 5, 2026 Oct 13, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. Th...Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue affects Aykome License Tracking System: before Version dated 06.10.2025.Show less
CVE-2025-11668 1Fabian 1Automated Voting System Apr 29, 2026 Oct 13, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql...Show more A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-11667 1Fabian 1Automated Voting System Apr 29, 2026 Oct 13, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the argument firstname r...Show more A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.Show less
CVE-2025-11664 1Campcodes 1Online Beauty Parlor Management System Apr 29, 2026 Oct 13, 2025 2.0 LOW· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument...Show more A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2025-11663 1Campcodes 1Online Beauty Parlor Management System Apr 29, 2026 Oct 13, 2025 2.0 LOW· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the argument sername causes...Show more A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the argument sername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2025-11662 1Mayurik 1Best Salon Management System Apr 29, 2026 Oct 13, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument serv_id results in sql injection. It is p...Show more A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument serv_id results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.Show less

Previous 1...131132133...971 Next