Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CVEs (19,296)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-34186 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30813 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800
CVE-2026-6183 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID res...Show more A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.Show less
CVE-2026-6182 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User le...Show more A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.Show less
CVE-2026-36945 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php
CVE-2026-36944 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.
CVE-2026-36943 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
CVE-2026-36942 - - May 10, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.
CVE-2026-36941 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.
CVE-2026-36947 1Oretnom23 1Computer And Mobile Repair Shop Management System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php.
CVE-2026-36946 1Oretnom23 1Computer And Mobile Repair Shop Management System May 10, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php.
CVE-2026-36923 1Oretnom23 1Cab Management System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.
CVE-2026-36922 1Oretnom23 1Cab Management System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
CVE-2026-36920 1Janobe 1Online Reviewer System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
CVE-2026-36919 1Janobe 1Online Reviewer System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.
CVE-2026-36874 1Razormist 1Basic Library System May 10, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
CVE-2026-36873 1Razormist 1Basic Library System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
CVE-2026-36872 1Razormist 1Basic Library System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
CVE-2026-6167 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be...Show more A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.Show less
CVE-2026-6166 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument...Show more A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.Show less

Previous 1...313233...965 Next