CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,082 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 22 of 102
- CVE-2023-4450CRITICALCVSS 9.8EG 9.02023-08-21
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack …
- CVE-2023-4478HIGHCVSS 8.2EG 4.32023-08-25
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their …
- CVE-2023-45303HIGHCVSS 8.8EG 8.42023-10-06
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).
- CVE-2023-45540MEDIUMCVSS 6.5EG 6.52023-10-16
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.
- CVE-2023-4571HIGHCVSS 8.6EG 8.62023-08-30
In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal app…
- CVE-2023-46304HIGHCVSS 8.1EG 8.12024-04-30
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load).
- CVE-2023-46456CRITICALCVSS 9.8EG 9.82023-12-12
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
- CVE-2023-46468HIGHCVSS 7.8EG 7.82023-10-28
An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.
- CVE-2023-46726CRITICALCVSS 9.8EG 7.22023-12-13
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI docum…
- CVE-2023-47119MEDIUMCVSS 6.1EG 5.32023-11-10
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through…
- CVE-2023-4767MEDIUMCVSS 6.1EG 6.12023-11-03
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fi…
- CVE-2023-4818HIGHCVSS 7.6EG 7.62024-01-15
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to …
- CVE-2023-48199HIGHCVSS 7.8EG 7.82023-11-15
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the in…
- CVE-2023-48205MEDIUMCVSS 5.3EG 5.32023-12-07
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.
- CVE-2023-4843MEDIUMCVSS 4.8EG 4.32023-09-08
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user.
- CVE-2023-48709HIGHCVSS 8.0EG 8.02024-04-15
iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does **not** prevent Remote Code E…
- CVE-2023-48826HIGHCVSS 8.8EG 8.82023-12-07
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.
- CVE-2023-48830HIGHCVSS 8.8EG 8.82023-12-07
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.
- CVE-2023-48835HIGHCVSS 8.8EG 8.82023-12-07
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
- CVE-2023-48841HIGHCVSS 8.8EG 8.82023-12-07
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
- CVE-2023-49214CRITICALCVSS 9.8EG 9.82023-11-23
Usedesk before 1.7.57 allows chat template injection.
- CVE-2023-49328HIGHCVSS 7.2EG 7.22023-12-25
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module.
- CVE-2023-49964HIGHCVSS 8.8EG 8.82023-12-11
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarke…
- CVE-2023-50093MEDIUMCVSS 6.1EG 6.12024-01-03
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
- CVE-2023-5043HIGHCVSS 8.8EG 7.62023-10-25
Ingress nginx annotation injection causes arbitrary command execution.
- CVE-2023-51388CRITICALCVSS 9.8EG 9.82024-02-22
Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static me…
- CVE-2023-51446MEDIUMCVSS 5.9EG 5.92024-02-01
GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.
- CVE-2023-51653CRITICALCVSS 9.8EG 9.82024-02-22
Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the a…
- CVE-2023-51664CRITICALCVSS 9.8EG 7.32023-12-27
tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code a…
- CVE-2023-51939HIGHCVSS 8.8EG 8.82024-02-01
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function.
- CVE-2023-52081MEDIUMCVSS 5.3EG 5.32023-12-28
ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use…
- CVE-2023-5269HIGHCVSS 8.8EG 5.52023-09-29
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the…
- CVE-2023-5340CRITICALCVSS 9.8EG 9.82023-11-20
The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present o…
- CVE-2023-6004MEDIUMCVSS 4.8EG 3.92024-01-03
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned…
- CVE-2023-6164MEDIUMCVSS 4.8EG 2.22023-11-22
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sani…
- CVE-2023-6174MEDIUMCVSS 6.5EG 6.32023-11-16
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
- CVE-2023-6458CRITICALCVSS 9.8EG 7.12023-12-06
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.
- CVE-2023-6648CRITICALCVSS 9.8EG 7.32023-12-10
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username/contactno leads…
- CVE-2023-7039CRITICALCVSS 9.8EG 6.32023-12-21
A vulnerability classified as critical has been found in Byzoro S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attac…
- CVE-2023-7096CRITICALCVSS 9.8EG 4.72023-12-25
A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is po…
- CVE-2023-7100CRITICALCVSS 9.8EG 6.32023-12-25
A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate/tdate lea…
- CVE-2023-7114HIGHCVSS 8.8EG 7.12023-12-29
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.
- CVE-2023-7299MEDIUMCVSS 6.3EG 6.32024-11-23
A vulnerability was found in DataGear up to 4.60. It has been declared as critical. This vulnerability affects unknown code of the file /dataSet/resolveSql. The manipulation of the argument sql leads to sql injection. The attack can be ini…
- CVE-2023-7331MEDIUMCVSS 4.7EG 4.72025-12-31
A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possib…
- CVE-2023-7333MEDIUMCVSS 5.3EG 5.32026-01-07
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upg…
- CVE-2024-0044MEDIUMCVSS 6.7EG 6.72024-03-11
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio…
- CVE-2024-0231LOWCVSS 2.7EG 2.72024-07-24
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
- CVE-2024-0552CRITICALCVSS 9.8EG 9.82024-01-15
Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server.
- CVE-2024-0579MEDIUMCVSS 6.3EG 6.32024-01-16
A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads t…
- CVE-2024-10153MEDIUMCVSS 6.3EG 6.32024-10-19
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →