CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,084 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 25 of 102
- CVE-2024-11967HIGHCVSS 7.3EG 7.32024-11-28
A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injecti…
- CVE-2024-11968MEDIUMCVSS 6.3EG 6.32024-11-28
A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql…
- CVE-2024-11970HIGHCVSS 7.3EG 7.32024-11-28
A vulnerability classified as critical has been found in code-projects Concert Ticket Ordering System 1.0. Affected is an unknown function of the file /tour(cor).php. The manipulation of the argument mai leads to sql injection. It is possi…
- CVE-2024-11998MEDIUMCVSS 6.3EG 6.32024-11-30
A vulnerability was found in code-projects Farmacia 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /visualizer-forneccedor.chp. The manipulation of the argument id leads to sql injection. The att…
- CVE-2024-12007MEDIUMCVSS 6.3EG 6.32024-12-01
A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to ini…
- CVE-2024-12187HIGHCVSS 7.3EG 7.32024-12-05
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to sql injection. It is possi…
- CVE-2024-12188HIGHCVSS 7.3EG 7.32024-12-05
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri lead…
- CVE-2024-12228HIGHCVSS 7.3EG 7.32024-12-05
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is …
- CVE-2024-12229HIGHCVSS 7.3EG 7.32024-12-05
A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search lea…
- CVE-2024-12230HIGHCVSS 7.3EG 7.32024-12-05
A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument cate…
- CVE-2024-12231HIGHCVSS 7.3EG 7.32024-12-05
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to i…
- CVE-2024-12234HIGHCVSS 7.3EG 7.32024-12-05
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads…
- CVE-2024-12350MEDIUMCVSS 6.3EG 6.32024-12-09
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The man…
- CVE-2024-12351MEDIUMCVSS 6.3EG 6.32024-12-09
A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument n…
- CVE-2024-12360MEDIUMCVSS 6.3EG 6.32024-12-09
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sq…
- CVE-2024-12479MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical. This issue affects the function searchTopicByKeyword of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipu…
- CVE-2024-12480MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation …
- CVE-2024-12481MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been declared as critical. Affected by this vulnerability is the function findUser of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\UserDao.java. T…
- CVE-2024-12484HIGHCVSS 7.3EG 7.32024-12-12
A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack …
- CVE-2024-12485MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument …
- CVE-2024-12486MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql…
- CVE-2024-12487MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the …
- CVE-2024-12488MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument…
- CVE-2024-12489MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injectio…
- CVE-2024-12490MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /pages/teacher_save.php. The manipulation of the argument salut l…
- CVE-2024-12492MEDIUMCVSS 6.3EG 6.32024-12-12
A vulnerability was found in code-projects Farmacia 1.0. It has been rated as critical. This issue affects some unknown processing of the file /visualizar-usuario.php. The manipulation of the argument id leads to sql injection. The attack …
- CVE-2024-12497HIGHCVSS 7.3EG 7.32024-12-12
A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected is an unknown function of the file /admin/check_admin_login.php. The manipulation of the argument admin_user_name le…
- CVE-2024-12756HIGHCVSS 7.3EG 7.32025-02-11
An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.
- CVE-2024-12784MEDIUMCVSS 6.3EG 6.32024-12-19
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument id leads to sql injection. It is possib…
- CVE-2024-12785MEDIUMCVSS 6.3EG 6.32024-12-19
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sq…
- CVE-2024-12787HIGHCVSS 7.3EG 7.32024-12-19
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation…
- CVE-2024-12788HIGHCVSS 7.3EG 7.32024-12-19
A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql inject…
- CVE-2024-12789MEDIUMCVSS 6.3EG 6.32024-12-19
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is p…
- CVE-2024-12791HIGHCVSS 7.3EG 7.32024-12-19
A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be i…
- CVE-2024-12792HIGHCVSS 7.3EG 7.32024-12-19
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attac…
- CVE-2024-12794MEDIUMCVSS 6.3EG 6.32024-12-19
A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It…
- CVE-2024-12884HIGHCVSS 7.3EG 7.32024-12-21
A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The at…
- CVE-2024-12890MEDIUMCVSS 6.3EG 6.32024-12-22
A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql…
- CVE-2024-12891MEDIUMCVSS 6.3EG 6.32024-12-22
A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. I…
- CVE-2024-12894MEDIUMCVSS 6.3EG 6.32024-12-22
A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injecti…
- CVE-2024-12895MEDIUMCVSS 6.3EG 6.32024-12-22
A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument p…
- CVE-2024-12898MEDIUMCVSS 6.3EG 6.32024-12-23
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/faculty_action.php. The manipulation of the argument faculty…
- CVE-2024-12899HIGHCVSS 7.3EG 7.32024-12-23
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_c…
- CVE-2024-12900MEDIUMCVSS 6.3EG 6.32024-12-23
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password l…
- CVE-2024-12926MEDIUMCVSS 6.3EG 6.32024-12-25
A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sq…
- CVE-2024-12927HIGHCVSS 7.3EG 7.32024-12-25
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulati…
- CVE-2024-12928MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. This affects an unknown part. The manipulation of the argument c_name leads to sql injection. It is possible to initiate the attack remot…
- CVE-2024-12929MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability has been found in code-projects Student Management System 1.0.00 and classified as critical. This vulnerability affects unknown code of the file /addCatController.php. The manipulation of the argument size leads to sql inje…
- CVE-2024-12931MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been classified as critical. Affected is an unknown function of the file /addCatController.php. The manipulation of the argument size leads to sql injection. It is p…
- CVE-2024-12934MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability classified as critical has been found in code-projects Simple Admin Panel 1.0. This affects an unknown part of the file updateItemController.php. The manipulation of the argument p_desk leads to sql injection. It is possibl…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →