Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CVEs (19,368)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-6202 - - Apr 29, 2026 Apr 13, 2026 2.1 LOW· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be i...Show more A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.Show less
CVE-2026-6193 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack...Show more A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.Show less
CVE-2026-6191 - - Apr 29, 2026 Apr 13, 2026 2.1 LOW· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. Th...Show more A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2026-6190 - - Apr 29, 2026 Apr 13, 2026 2.1 LOW· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injectio...Show more A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.Show less
CVE-2026-6189 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads t...Show more A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2026-36952 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php.
CVE-2026-36950 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.
CVE-2026-36948 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 7.3 HIGH· v3 N/A· v2 Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/view_archive.php.
CVE-2026-6188 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is...Show more A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.Show less
CVE-2026-6187 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID r...Show more A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.Show less
CVE-2026-36938 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php.
CVE-2026-36937 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.
CVE-2026-34186 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30813 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800
CVE-2026-6183 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID res...Show more A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.Show less
CVE-2026-6182 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User le...Show more A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.Show less
CVE-2026-36945 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php
CVE-2026-36944 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.
CVE-2026-36943 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
CVE-2026-36942 - - May 10, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.

Previous 1...343536...969 Next