CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,089 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 32 of 102
- CVE-2025-10062HIGHCVSS 7.3EG 7.32025-09-06
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be …
- CVE-2025-10068HIGHCVSS 7.3EG 7.32025-09-07
A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch…
- CVE-2025-10076HIGHCVSS 7.3EG 7.32025-09-08
A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotel…
- CVE-2025-10077HIGHCVSS 7.3EG 7.32025-09-08
A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launch…
- CVE-2025-10078HIGHCVSS 7.3EG 7.32025-09-08
A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the at…
- CVE-2025-10079HIGHCVSS 7.3EG 7.32025-09-08
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed …
- CVE-2025-10082HIGHCVSS 7.3EG 7.32025-09-08
A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed re…
- CVE-2025-10087MEDIUMCVSS 4.7EG 4.72025-09-08
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. T…
- CVE-2025-10090HIGHCVSS 7.3EG 7.32025-09-08
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launc…
- CVE-2025-10097MEDIUMCVSS 6.3EG 6.32025-09-08
A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible t…
- CVE-2025-10098MEDIUMCVSS 6.3EG 6.32025-09-08
A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be perfor…
- CVE-2025-10100HIGHCVSS 7.3EG 7.32025-09-08
A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /admin_class.php?action=login. Performing manipulation of the argument Username results in sql injection. It is…
- CVE-2025-10102HIGHCVSS 7.3EG 7.32025-09-08
A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown function of the file /index.php. Performing manipulation of the argument Username results in sql injection. The attack is possibl…
- CVE-2025-10103HIGHCVSS 7.3EG 7.32025-09-08
A weakness has been identified in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /home.php. Executing manipulation of the argument main_event can lead to sql injection. The attack may be perform…
- CVE-2025-10104HIGHCVSS 7.3EG 7.32025-09-08
A security vulnerability has been detected in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /review_search.php. The manipulation of the argument txtsearch leads to sql injection. It is possible …
- CVE-2025-10105MEDIUMCVSS 6.3EG 6.32025-09-08
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.1. Affected by this issue is some unknown functionality of the file /cms/article/search. This manipulation of the argument keyword causes sql injection. The attack can be initiated re…
- CVE-2025-10106MEDIUMCVSS 6.3EG 6.32025-09-08
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The ex…
- CVE-2025-10107MEDIUMCVSS 4.7EG 4.72025-09-09
A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.1410). Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command injection. The attack is possible to be ca…
- CVE-2025-10108HIGHCVSS 7.3EG 7.32025-09-08
A vulnerability was found in Campcodes Online Loan Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_loan. Performing manipulation of the argument ID results in sql injection. The attack may…
- CVE-2025-10109HIGHCVSS 7.3EG 7.32025-09-08
A vulnerability was determined in Campcodes Online Loan Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_payment. Executing manipulation of the argument ID can lead to sql injection. The…
- CVE-2025-10110MEDIUMCVSS 6.3EG 6.32025-09-08
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possibl…
- CVE-2025-10111HIGHCVSS 7.3EG 7.32025-09-08
A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/instructor/index.php. The manipulation of the argument ID results in sql …
- CVE-2025-10112HIGHCVSS 7.3EG 7.32025-09-09
A weakness has been identified in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/department/index.php. This manipulation of the argument ID causes sql injectio…
- CVE-2025-10113HIGHCVSS 7.3EG 7.32025-09-09
A security vulnerability has been detected in itsourcecode Student Information Management System 1.0. This affects an unknown function of the file /admin/modules/room/index.php. Such manipulation of the argument ID leads to sql injection. …
- CVE-2025-10114HIGHCVSS 7.3EG 7.32025-09-09
A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The …
- CVE-2025-10115HIGHCVSS 7.3EG 7.32025-09-09
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploi…
- CVE-2025-10118HIGHCVSS 7.3EG 7.32025-09-09
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql…
- CVE-2025-10121MEDIUMCVSS 6.3EG 6.32025-09-09
A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been p…
- CVE-2025-10122MEDIUMCVSS 4.7EG 4.72025-09-09
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated r…
- CVE-2025-10123HIGHCVSS 7.3EG 7.32025-09-09
A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection.…
- CVE-2025-10197MEDIUMCVSS 6.3EG 6.32025-09-10
A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservice/lawresource/downlawbase. Performing m…
- CVE-2025-10210MEDIUMCVSS 6.3EG 6.32025-09-10
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launche…
- CVE-2025-10218MEDIUMCVSS 6.3EG 6.32025-09-10
A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql inj…
- CVE-2025-10251MEDIUMCVSS 6.3EG 6.32025-09-11
A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in sql injection. It is possible to launch the a…
- CVE-2025-10323HIGHCVSS 7.3EG 7.32025-09-12
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed…
- CVE-2025-10324HIGHCVSS 7.3EG 7.32025-09-12
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagemen…
- CVE-2025-10325MEDIUMCVSS 6.3EG 6.32025-09-12
A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the …
- CVE-2025-10387MEDIUMCVSS 6.3EG 6.32025-09-14
A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemi…
- CVE-2025-10394MEDIUMCVSS 4.7EG 4.72025-09-14
A vulnerability has been found in fcba_zzm ics-park Smart Park Management System 2.0. Affected is an unknown function of the file ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/JobController.java of the component Scheduled Task Mod…
- CVE-2025-10396HIGHCVSS 7.3EG 7.32025-09-14
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_role.php. Executing manipulation of the argument ID can lead to sql injecti…
- CVE-2025-10399MEDIUMCVSS 6.3EG 6.32025-09-14
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack m…
- CVE-2025-10400MEDIUMCVSS 6.3EG 6.32025-09-14
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the argument ticket_id leads to sql injection. …
- CVE-2025-10401MEDIUMCVSS 6.3EG 6.32025-09-14
A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation …
- CVE-2025-10402HIGHCVSS 7.3EG 7.32025-09-14
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can lead to sql injection. The attack can be…
- CVE-2025-10403HIGHCVSS 7.3EG 7.32025-09-14
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible…
- CVE-2025-10404HIGHCVSS 7.3EG 7.32025-09-14
A vulnerability was found in itsourcecode Baptism Information Management System 1.0. This impacts an unknown function of the file /rptbaptismal.php. The manipulation of the argument ID results in sql injection. The attack may be performed …
- CVE-2025-10405HIGHCVSS 7.3EG 7.32025-09-14
A vulnerability was determined in itsourcecode Baptism Information Management System 1.0. Affected is an unknown function of the file /listbaptism.php. This manipulation of the argument bapt_id causes sql injection. It is possible to initi…
- CVE-2025-10407MEDIUMCVSS 6.3EG 6.32025-09-14
A vulnerability was identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_user.php. Such manipulation of the argument ID leads to sql injection. It is possible…
- CVE-2025-10408MEDIUMCVSS 6.3EG 6.32025-09-14
A security flaw has been discovered in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /edit_user.php. Performing manipulation of the argument ID results in sql injection. The att…
- CVE-2025-10409MEDIUMCVSS 6.3EG 6.32025-09-14
A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql injection. The attack can be launched r…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →