CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,089 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 31 of 102
- CVE-2025-0534HIGHCVSS 7.3EG 7.32025-01-17
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argum…
- CVE-2025-0535MEDIUMCVSS 6.3EG 6.32025-01-17
A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is …
- CVE-2025-0536MEDIUMCVSS 6.3EG 6.32025-01-17
A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads t…
- CVE-2025-0540MEDIUMCVSS 6.3EG 6.32025-01-17
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /expadd.php. The manipulation of the argument expcat leads to sql injection. The…
- CVE-2025-0541MEDIUMCVSS 6.3EG 6.32025-01-17
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation of the argument name leads to sql injecti…
- CVE-2025-0558MEDIUMCVSS 6.3EG 6.32025-01-18
A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The man…
- CVE-2025-0561MEDIUMCVSS 6.3EG 6.32025-01-19
A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigno leads to sql injection. The atta…
- CVE-2025-0562MEDIUMCVSS 6.3EG 6.32025-01-19
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/health_status_entry.php. The manipulation of the argument usrid leads to sq…
- CVE-2025-0563MEDIUMCVSS 6.3EG 6.32025-01-19
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible…
- CVE-2025-0564HIGHCVSS 7.3EG 7.32025-01-19
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to sql…
- CVE-2025-0565HIGHCVSS 7.3EG 7.32025-01-19
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql injection. The attack may be launched rem…
- CVE-2025-0579HIGHCVSS 7.3EG 7.32025-01-20
A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component …
- CVE-2025-0697MEDIUMCVSS 5.3EG 5.32025-01-24
A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to i…
- CVE-2025-0698MEDIUMCVSS 6.3EG 6.32025-01-24
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been classified as critical. Affected is an unknown function of the file /admin/sys/menu/list. The manipulation of the argument sort/ord…
- CVE-2025-0699MEDIUMCVSS 6.3EG 6.32025-01-24
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sys/role/list. The manipulation…
- CVE-2025-0700MEDIUMCVSS 6.3EG 6.32025-01-24
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the ar…
- CVE-2025-0701MEDIUMCVSS 6.3EG 6.32025-01-24
A vulnerability classified as critical has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This affects an unknown part of the file /admin/sys/user/list. The manipulation of the argument sort leads to sql i…
- CVE-2025-0786MEDIUMCVSS 6.3EG 6.32025-01-28
A vulnerability was found in ESAFENET CDG V5. It has been classified as critical. Affected is an unknown function of the file /appDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the atta…
- CVE-2025-0788MEDIUMCVSS 6.3EG 6.32025-01-28
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /content_top.jsp. The manipulation of the argument id leads to sql injection. The attack may be l…
- CVE-2025-0789MEDIUMCVSS 6.3EG 6.32025-01-28
A vulnerability classified as critical has been found in ESAFENET CDG V5. This affects an unknown part of the file /doneDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to initiate the attack remot…
- CVE-2025-0791MEDIUMCVSS 6.3EG 6.32025-01-29
A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may …
- CVE-2025-0792MEDIUMCVSS 6.3EG 6.32025-01-29
A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the at…
- CVE-2025-0793MEDIUMCVSS 6.3EG 6.32025-01-29
A vulnerability has been found in ESAFENET CDG V5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /todoDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attac…
- CVE-2025-0803HIGHCVSS 7.3EG 7.32025-01-29
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/submit_plan_new.php. The manipulation of the argumen…
- CVE-2025-0842HIGHCVSS 7.3EG 7.32025-01-29
A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sq…
- CVE-2025-0843HIGHCVSS 7.3EG 7.32025-01-29
A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.php of the component Admin Panel. The manipulation of the argument email/passwor…
- CVE-2025-0846HIGHCVSS 7.3EG 7.32025-01-30
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to sql injecti…
- CVE-2025-0847HIGHCVSS 7.3EG 7.32025-01-30
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email…
- CVE-2025-0872MEDIUMCVSS 6.3EG 6.32025-01-30
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /addpayment.php. The manipulation of the argument id/amount/desc/inccat leads to sql injecti…
- CVE-2025-0873MEDIUMCVSS 6.3EG 6.32025-01-30
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /customeredit.php. The manipulation of the argument id/address/fullnam…
- CVE-2025-0874MEDIUMCVSS 6.3EG 6.32025-01-30
A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Affected by this issue is some unknown functionality of the file /admin/approve.php. The manipulation of the argum…
- CVE-2025-0880MEDIUMCVSS 6.3EG 6.32025-01-30
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql inject…
- CVE-2025-0881MEDIUMCVSS 6.3EG 6.32025-01-30
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injectio…
- CVE-2025-0882MEDIUMCVSS 6.3EG 6.32025-01-30
A vulnerability was found in code-projects Chat System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/addnewmember.php. The manipulation of the argument user leads …
- CVE-2025-0934MEDIUMCVSS 6.3EG 6.32025-01-31
A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /parse/_call_job_search_ajax.php. The manipulation of the argument n leads to sql injection. It…
- CVE-2025-0943MEDIUMCVSS 6.3EG 6.32025-02-01
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file deldoc.php. The manipulation of the argument id leads to sql injection. The at…
- CVE-2025-0944MEDIUMCVSS 6.3EG 6.32025-02-01
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of the argument id leads to sql injection. …
- CVE-2025-0945MEDIUMCVSS 6.3EG 6.32025-02-01
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id leads to sql injection. It is possible t…
- CVE-2025-0946MEDIUMCVSS 6.3EG 6.32025-02-01
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file templatedelete.php. The manipulation of the argument id leads to sql i…
- CVE-2025-0947MEDIUMCVSS 6.3EG 6.32025-02-01
A vulnerability, which was classified as critical, has been found in itsourcecode Tailoring Management System 1.0. Affected by this issue is some unknown functionality of the file expview.php. The manipulation of the argument expid leads t…
- CVE-2025-0948MEDIUMCVSS 6.3EG 6.32025-02-01
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file incview.php. The manipulation of the argument incid leads to sql injection. It is possib…
- CVE-2025-0949MEDIUMCVSS 6.3EG 6.32025-02-01
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file partview.php. The manipulation of the argument typeid leads to sql injection. Th…
- CVE-2025-0950MEDIUMCVSS 6.3EG 6.32025-02-01
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to sql injection. Th…
- CVE-2025-0967MEDIUMCVSS 6.3EG 6.32025-02-02
A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/add_chatroom.php. The manipulation of the argument chatname/chatpass leads to sql injection…
- CVE-2025-10011MEDIUMCVSS 6.3EG 6.32025-09-05
A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of …
- CVE-2025-10012MEDIUMCVSS 6.3EG 6.32025-09-05
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file educar_historico_escolar_lst.php. Such manipulation of the argument ref_cod_aluno leads to sql injection.…
- CVE-2025-10025HIGHCVSS 7.3EG 7.32025-09-05
A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the …
- CVE-2025-10030HIGHCVSS 7.3EG 7.32025-09-06
A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation of the argument ID can lead to sql injection…
- CVE-2025-10031HIGHCVSS 7.3EG 7.32025-09-06
A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation of the argument ID leads to sql injection. Remote e…
- CVE-2025-10033HIGHCVSS 7.3EG 7.32025-09-06
A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. Th…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →