Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CVEs (19,368)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-36941 - - Apr 17, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.
CVE-2026-36947 1Oretnom23 1Computer And Mobile Repair Shop Management System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php.
CVE-2026-36946 1Oretnom23 1Computer And Mobile Repair Shop Management System May 10, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php.
CVE-2026-36923 1Oretnom23 1Cab Management System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.
CVE-2026-36922 1Oretnom23 1Cab Management System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
CVE-2026-36920 1Janobe 1Online Reviewer System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
CVE-2026-36919 1Janobe 1Online Reviewer System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.
CVE-2026-36874 1Razormist 1Basic Library System May 10, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
CVE-2026-36873 1Razormist 1Basic Library System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
CVE-2026-36872 1Razormist 1Basic Library System Apr 14, 2026 Apr 13, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
CVE-2026-6167 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be...Show more A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.Show less
CVE-2026-6166 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument...Show more A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2026-3830 - - Apr 15, 2026 Apr 13, 2026 N/A· v4 8.6 HIGH· v3 N/A· v2 The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
CVE-2025-15441 - - Apr 15, 2026 Apr 13, 2026 N/A· v4 6.8 MEDIUM· v3 N/A· v2 The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts.
CVE-2026-6165 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argument ID can lead to s...Show more A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2026-6164 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The...Show more A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.Show less
CVE-2026-6163 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql inj...Show more A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.Show less
CVE-2026-6161 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to s...Show more A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2026-6153 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF_ID leads to sql...Show more A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF_ID leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.Show less
CVE-2026-6152 - - Apr 29, 2026 Apr 13, 2026 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID cau...Show more A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.Show less

Previous 1...353637...969 Next