CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,085 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 26 of 102
- CVE-2024-12935MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can …
- CVE-2024-12936MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql…
- CVE-2024-12937MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. Affected is an unknown function of the file addVariationController.php. The manipulation of the argument qty leads to sql injection. It i…
- CVE-2024-12938MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads …
- CVE-2024-12939MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function add_edu of the file /_parse/_all_edits.php. The manipulation of the argument degree leads to sql injection. The …
- CVE-2024-12940HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/student_action.php. The manipulation of the argument student_i…
- CVE-2024-12941MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulation of the argument id leads to sql inject…
- CVE-2024-12942HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/admin_login.php. The manipulation of the argument username/password lead…
- CVE-2024-12943HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/…
- CVE-2024-12944HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signin.php. The manipulation of the argument u/p leads to sql injec…
- CVE-2024-12945HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /account.php. The manipulation of the argument email/pass leads to sql injection. The attac…
- CVE-2024-12946HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument …
- CVE-2024-12947MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The…
- CVE-2024-12948MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid leads to sql injection. It is possible …
- CVE-2024-12949MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the argument subcatid leads to sql injection. …
- CVE-2024-12950MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql i…
- CVE-2024-12952MEDIUMCVSS 6.3EG 6.32024-12-26
A vulnerability classified as critical was found in melMass comfy_mtb up to 0.1.4. Affected by this vulnerability is the function run_command of the file comfy_mtb/endpoint.py of the component Dependency Handler. The manipulation leads to …
- CVE-2024-12958HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_pro_details.php. The manipulation of the argument q leads to sql injection. It is …
- CVE-2024-12959HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /update_personal_details.php. The manipulation of the argument q leads to sql inject…
- CVE-2024-12960HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. This issue affects some unknown processing of the file /update_edu_details.php. The manipulation of the argument q lead…
- CVE-2024-12961HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /update_ach_details.php. The manipulation of the argument q leads to sql injecti…
- CVE-2024-12962HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/_all_edits.php. The manipulation of the argument skillset leads …
- CVE-2024-12963HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this issue is the function add_xp of the file /_parse/_all_edits.php. The manipulation of the argument job_company leads to sql injectio…
- CVE-2024-12964HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability was found in 1000 Projects Daily College Class Work Report Book 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument user leads to sql injection. It …
- CVE-2024-12965HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /update_ex_detail.php. The manipulation of the argument q leads to sql in…
- CVE-2024-12966HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname/url leads to sql injection.…
- CVE-2024-12967HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to sql injection. It is …
- CVE-2024-12968HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Affected by this vulnerability is the function edit_jobpost of the file /_parse/_all_edits.php. The manipulation of the argument jobtype leads to sql in…
- CVE-2024-12969HIGHCVSS 7.3EG 7.32024-12-26
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation o…
- CVE-2024-12976HIGHCVSS 7.3EG 7.32024-12-27
A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql in…
- CVE-2024-12977MEDIUMCVSS 6.3EG 6.32024-12-27
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is pos…
- CVE-2024-12978HIGHCVSS 7.3EG 7.32024-12-27
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. This vulnerability affects the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to sql inj…
- CVE-2024-12981MEDIUMCVSS 6.3EG 6.32024-12-27
A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dro…
- CVE-2024-12999MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be …
- CVE-2024-13000MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injection. The attack may b…
- CVE-2024-13001MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launc…
- CVE-2024-13002HIGHCVSS 7.3EG 7.32024-12-29
A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /order_process.php. The manipulation of the argument fnm l…
- CVE-2024-13003MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /update_ed.php. The manipulation of the argument e_id leads to …
- CVE-2024-13004HIGHCVSS 7.3EG 7.32024-12-29
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/category.php. The manipulation of the argument state leads to sql injection. It is possibl…
- CVE-2024-13005MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/attendance_action.php. The manipulation of the argument attendance_id l…
- CVE-2024-13006HIGHCVSS 7.3EG 7.32024-12-29
A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. This issue affects some unknown processing of the file /employeeview.php. The manipulation of the argument search lead…
- CVE-2024-13007MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability, which was classified as critical, was found in Codezips Event Management System 1.0. Affected is an unknown function of the file /contact.php. The manipulation of the argument title leads to sql injection. It is possible t…
- CVE-2024-13008MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability has been found in code-projects Responsive Hotel Site 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/newsletter.php. The manipulation of the argument eid leads …
- CVE-2024-13014MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-maid.php. The manipulation of the argument sear…
- CVE-2024-13016MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injectio…
- CVE-2024-13020MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to sql injection. The …
- CVE-2024-13024MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /campaign.php. The manipulation of the argument cname leads to sql injection. The att…
- CVE-2024-13025MEDIUMCVSS 6.3EG 6.32024-12-29
A vulnerability was found in Codezips College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Front-end/faculty.php. The manipulation of the argument book_name/book_author leads to sq…
- CVE-2024-13035MEDIUMCVSS 6.3EG 6.32024-12-30
A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/update_user.php. The manipulation of the argument id leads to sql injection. The attack …
- CVE-2024-13036MEDIUMCVSS 6.3EG 6.32024-12-30
A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/update_room.php. The manipulation of the argument id/name/password leads to sql injection.…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →