CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,087 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 30 of 102
- CVE-2025-0201MEDIUMCVSS 6.3EG 6.32025-01-04
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/update_account.php. The manipulation of the ar…
- CVE-2025-0203MEDIUMCVSS 6.3EG 6.32025-01-04
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads…
- CVE-2025-0204MEDIUMCVSS 6.3EG 6.32025-01-04
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument id leads to sql injection. The attack ma…
- CVE-2025-0205MEDIUMCVSS 6.3EG 6.32025-01-04
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch t…
- CVE-2025-0207HIGHCVSS 7.3EG 7.32025-01-04
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads…
- CVE-2025-0208MEDIUMCVSS 6.3EG 6.32025-01-04
A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to init…
- CVE-2025-0210HIGHCVSS 7.3EG 7.32025-01-04
A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argum…
- CVE-2025-0212MEDIUMCVSS 6.3EG 6.32025-01-04
A vulnerability was found in Campcodes Student Grading System 1.0. It has been classified as critical. This affects an unknown part of the file /view_students.php. The manipulation of the argument id leads to sql injection. It is possible …
- CVE-2025-0214MEDIUMCVSS 4.1EG 4.12025-01-04
A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenu_id leads to sql…
- CVE-2025-0229MEDIUMCVSS 6.3EG 6.32025-01-05
A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. This issue affects some unknown processing of the file /enquiry.php. The manipulation of the argument pid/t1/t2/t3/t4/t5/t6/t7…
- CVE-2025-0230MEDIUMCVSS 6.3EG 6.32025-01-05
A vulnerability, which was classified as critical, was found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file /admin/print.php. The manipulation of the argument pid leads to sql injection. It is possi…
- CVE-2025-0231MEDIUMCVSS 6.3EG 6.32025-01-05
A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/submit_payments.php. The manipulation of the argument …
- CVE-2025-0232MEDIUMCVSS 6.3EG 6.32025-01-05
A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /successadmin.php. The manipulation of the argument psw leads to sql inject…
- CVE-2025-0233HIGHCVSS 7.3EG 7.32025-01-05
A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/course.php. The manipulation of the argument course_name leads to sql injection.…
- CVE-2025-0294MEDIUMCVSS 4.7EG 4.72025-01-07
A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation …
- CVE-2025-0296MEDIUMCVSS 6.3EG 6.32025-01-07
A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to sql injection. It is possible t…
- CVE-2025-0297MEDIUMCVSS 6.3EG 6.32025-01-07
A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id leads to sql injection. The attack can …
- CVE-2025-0298MEDIUMCVSS 6.3EG 6.32025-01-07
A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argument usernm leads to sql injection. The …
- CVE-2025-0299MEDIUMCVSS 6.3EG 6.32025-01-07
A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /search_result.php. The manipulation of the argument s leads to sql injection. It is possible to launc…
- CVE-2025-0300MEDIUMCVSS 6.3EG 6.32025-01-07
A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /subcat.php. The manipulation of the argument cat leads to sql injection. The at…
- CVE-2025-0328HIGHCVSS 7.3EG 7.32025-01-09
A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handl…
- CVE-2025-0333MEDIUMCVSS 6.3EG 6.32025-01-09
A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch …
- CVE-2025-0334MEDIUMCVSS 6.3EG 6.32025-01-09
A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /sys/user/listData. The manipulation of the argument order leads to sql injection. The at…
- CVE-2025-0336MEDIUMCVSS 6.3EG 6.32025-01-09
A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/teacher.php. The manipulation of the argument name leads to sql injection. It is…
- CVE-2025-0340HIGHCVSS 7.3EG 7.32025-01-09
A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/deleteBooking.php. The manipulation of the argument id lead…
- CVE-2025-0344MEDIUMCVSS 6.3EG 6.32025-01-09
A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The at…
- CVE-2025-0345MEDIUMCVSS 6.3EG 6.32025-01-09
A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be l…
- CVE-2025-0347HIGHCVSS 7.3EG 7.32025-01-09
A vulnerability was found in code-projects Admission Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php of the component Login. The manipulation of the argument u_id leads…
- CVE-2025-0391MEDIUMCVSS 6.3EG 6.32025-01-11
A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFo…
- CVE-2025-0392MEDIUMCVSS 6.3EG 6.32025-01-11
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument st…
- CVE-2025-0396HIGHCVSS 7.8EG 7.82025-01-12
A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is po…
- CVE-2025-0404MEDIUMCVSS 6.3EG 6.32025-01-13
A vulnerability has been found in liujianview gymxmjpa 1.0 and classified as critical. This vulnerability affects the function CoachController of the file src/main/java/com/liujian/gymxmjpa/controller/CoachController.java. The manipulation…
- CVE-2025-0405MEDIUMCVSS 6.3EG 6.32025-01-13
A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument…
- CVE-2025-0406MEDIUMCVSS 6.3EG 6.32025-01-13
A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the ar…
- CVE-2025-0407MEDIUMCVSS 6.3EG 6.32025-01-13
A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. Th…
- CVE-2025-0408MEDIUMCVSS 6.3EG 6.32025-01-13
A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the…
- CVE-2025-0409MEDIUMCVSS 6.3EG 6.32025-01-13
A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the arg…
- CVE-2025-0410MEDIUMCVSS 6.3EG 6.32025-01-13
A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the a…
- CVE-2025-0462MEDIUMCVSS 6.3EG 6.32025-01-14
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&acti…
- CVE-2025-0486HIGHCVSS 7.3EG 7.32025-01-15
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql …
- CVE-2025-0487MEDIUMCVSS 6.3EG 6.32025-01-15
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/cat_edit.php. The manipulation of the argument id leads to sql injection. T…
- CVE-2025-0488MEDIUMCVSS 6.3EG 6.32025-01-15
A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the a…
- CVE-2025-0489MEDIUMCVSS 6.3EG 6.32025-01-15
A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can…
- CVE-2025-0490MEDIUMCVSS 6.3EG 6.32025-01-15
A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injectio…
- CVE-2025-0491MEDIUMCVSS 6.3EG 6.32025-01-15
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. It is possible to…
- CVE-2025-0527HIGHCVSS 7.3EG 7.32025-01-17
A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /signupconfirm.php. The manipulation of the argument in_eml leads to …
- CVE-2025-0528HIGHCVSS 7.2EG 7.22025-01-17
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulat…
- CVE-2025-0531MEDIUMCVSS 6.3EG 6.32025-01-17
A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/leaveroom.php. The manipulation of the argument id leads to sql injection. The attack may b…
- CVE-2025-0532MEDIUMCVSS 6.3EG 6.32025-01-17
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection.…
- CVE-2025-0533HIGHCVSS 7.3EG 7.32025-01-17
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of …
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →