Vulnerabilities (CVE)

Filtered by CWE-89
Total 19557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-46248 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows SQL Injection. This issue affects Frontend Dashboard: from n/a through <= 2.2.5.
CVE-2025-46242 1 Kibokolabs 1 Watu Quiz 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz watu allows SQL Injection. This issue affects Watu Quiz: from n/a through <= 3.4.3.
CVE-2025-46192 1 Lerouxyxchire 1 Client Database Management System 2026-06-17 N/A 9.8 CRITICAL
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter.
CVE-2025-46190 1 Lerouxyxchire 1 Client Database Management System 2026-06-17 N/A 9.8 CRITICAL
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter.
CVE-2025-46189 1 Lerouxyxchire 1 Client Database Management System 2026-06-17 N/A 9.8 CRITICAL
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.
CVE-2025-46188 1 Lerouxyxchire 1 Client Database Management System 2026-06-17 N/A 9.8 CRITICAL
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.
CVE-2025-46179 1 Vishalmathur 1 Cloudclassroom-php Project 2026-06-17 N/A 9.8 CRITICAL
A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries.
CVE-2025-46154 1 Foxcms 1 Foxcms 2026-06-17 N/A 8.4 HIGH
Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php.
CVE-2025-46109 1 Pbootcms 1 Pbootcms 2026-06-17 N/A 8.8 HIGH
SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request.
CVE-2025-46101 1 Beakon 1 Learning Management System Sharable Content Object Reference Model 2026-06-17 N/A 9.8 CRITICAL
SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in the json_scorm.php file.
CVE-2025-46053 1 Weberp 1 Weberp 2026-06-17 N/A 5.1 MEDIUM
A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php.
CVE-2025-46052 1 Weberp 1 Weberp 2026-06-17 N/A 9.8 CRITICAL
An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php.
CVE-2025-46011 1 Nadh 1 Listmonk 2026-06-17 N/A 6.5 MEDIUM
Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.
CVE-2025-45956 1 Oretnom23 1 Computer Laboratory Management System 2026-06-17 N/A 8.8 HIGH
A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter.
CVE-2025-45885 1 Phpgurukul 1 Vehicle Parking Management System 2026-06-17 N/A 9.8 CRITICAL
PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries.
CVE-2025-45820 1 Slims 1 Senayan Library Management System Bulian 2026-06-17 N/A 6.5 MEDIUM
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php.
CVE-2025-45819 1 Slims 1 Senayan Library Management System Bulian 2026-06-17 N/A 6.5 MEDIUM
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php.
CVE-2025-45818 1 Slims 1 Senayan Library Management System Bulian 2026-06-17 N/A 6.5 MEDIUM
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php.
CVE-2025-45809 1 Litellm 1 Litellm 2026-06-17 N/A 5.4 MEDIUM
SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints.
CVE-2025-45542 1 Vishalmathur 1 Cloudclassroom-php Project 2026-06-17 N/A 7.3 HIGH
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.