CWE-89 - SQL Injection - CWE
Type: CWE
Frequency: Mentioned 80 times
Threat intelligence on CWE-89 - SQL Injection (CWE). Found in 39 clusters.
Related Threat Clusters
- Critical SQL Injection Vulnerability in Drupal Core Actively Exploited (Threat Score: 80.2)
- Critical cPanel Vulnerability Exploited in Southeast Asia Cyber Attacks (Threat Score: 78.0)
- Ghost CMS SQL Injection Exploits 700+ Sites in Ongoing ClickFix Campaign (Threat Score: 78.0)
- Critical SQL Injection Vulnerability in CodeAstro Attendance System (CVE-2026-37749) (Threat Score: 78.0)
- Lazarus Group Escalates Attacks with Fileless RemotePE Trojan Targeting Crypto and Banks (Threat Score: 77.9)
- Critical SQL Injection Vulnerability in ProFTPD Allows Remote Code Execution (Threat Score: 74.0)
- SQL Injection Vulnerabilities Discovered in Gate Pass Management System and Yot CMS (Threat Score: 74.0)
- Critical MOVEit Vulnerabilities Expose Organizations to Data Breaches (Threat Score: 74.0)
- Critical SQL Injection Vulnerability in JSP Store Locator Plugin (Threat Score: 72.9)
- Critical SQL Injection Vulnerability in LiteLLM Actively Exploited (Threat Score: 72.8)
Recent Articles
- Tenzai's own research - pr.report
- CVE-2018-25425: Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names. - cve.akaoma.com
- CVE-2018-25424: Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application. - cve.akaoma.com
- CVE-2018-25425 - Exploits & Severity - Feedly
- CVE-2018-25424 - Exploits & Severity - Feedly
- Prompt Injection - simonwillison.net
- What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots - Decrypt.Co
- 862 - cwe.mitre.org
- Hunt Them All: An AI-Powered Vulnerability Sweep of 19000 MCP Servers - Trendmicro