CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,089 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 33 of 102
- CVE-2025-10413HIGHCVSS 7.3EG 7.32025-09-14
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_customer. Such manipulation of the argument ID leads to sql injection. The …
- CVE-2025-10414HIGHCVSS 7.3EG 7.32025-09-14
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation of the argument ID results in sql injection. The…
- CVE-2025-10415HIGHCVSS 7.3EG 7.32025-09-14
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the argument ID can lead to sql injection. The attac…
- CVE-2025-10416HIGHCVSS 7.3EG 7.32025-09-15
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_supplier. The manipulation of the argument ID leads to sql injection. It is possible t…
- CVE-2025-10417HIGHCVSS 7.3EG 7.32025-09-15
A security flaw has been discovered in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_product. The manipulation of the argument ID results in sql injection. It is possi…
- CVE-2025-10418MEDIUMCVSS 6.3EG 6.32025-09-15
A weakness has been identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_students.php. This manipulation of the argument ID causes sql injection. The attack c…
- CVE-2025-10419MEDIUMCVSS 6.3EG 6.32025-09-15
A security vulnerability has been detected in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /del_promote.php. Such manipulation of the argument sy leads to sql injection. The at…
- CVE-2025-10420MEDIUMCVSS 6.3EG 6.32025-09-15
A vulnerability was detected in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /form137.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. Th…
- CVE-2025-10421MEDIUMCVSS 6.3EG 6.32025-09-15
A flaw has been found in SourceCodester Student Grading System 1.0. This vulnerability affects unknown code of the file /update_account.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched re…
- CVE-2025-10426HIGHCVSS 7.3EG 7.32025-09-15
A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to…
- CVE-2025-10429MEDIUMCVSS 6.3EG 6.32025-09-15
A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_services results in …
- CVE-2025-10430MEDIUMCVSS 6.3EG 6.32025-09-15
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/barcode.php. This manipulation of the argument ID causes sql injection. The attack may be…
- CVE-2025-10431MEDIUMCVSS 6.3EG 6.32025-09-15
A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/ajax_represent.php. Such manipulation of the argument ID leads to sql injection. The attack may be launc…
- CVE-2025-10435HIGHCVSS 7.3EG 7.32025-09-15
A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_edit1.php. The manipulation of the argument ID results in sql injection. The atta…
- CVE-2025-10436HIGHCVSS 7.3EG 7.32025-09-15
A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. The impacted element is an unknown function of the file /pages/sup_searchfrm.php?action=edit. This manipulation of the argument ID causes sql injection. I…
- CVE-2025-10444HIGHCVSS 7.3EG 7.32025-09-15
A security flaw has been discovered in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /advancesearch.php. Performing manipulation of the argument Username results in sql injection. The attack…
- CVE-2025-10445HIGHCVSS 7.3EG 7.32025-09-15
A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/us_transac.php?action=add. Executing manipulation of the argument Username can lead to sql injection. T…
- CVE-2025-10446HIGHCVSS 7.3EG 7.32025-09-15
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_searchfrm.php?action=edit. The manipulation of the argument ID leads to sq…
- CVE-2025-10448HIGHCVSS 7.3EG 7.32025-09-15
A flaw has been found in Campcodes Online Job Finder System 1.0. This affects an unknown function of the file /index.php?q=result&searchfor=bycompany. This manipulation of the argument Search causes sql injection. The attack can be initiat…
- CVE-2025-10459HIGHCVSS 7.3EG 7.32025-09-15
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be…
- CVE-2025-10473MEDIUMCVSS 6.3EG 6.32025-09-15
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql inject…
- CVE-2025-10477MEDIUMCVSS 6.3EG 6.32025-09-15
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument…
- CVE-2025-10479HIGHCVSS 7.3EG 7.32025-09-15
A security flaw has been discovered in SourceCodester Online Student File Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument stud_no results in sql injection. …
- CVE-2025-10481MEDIUMCVSS 6.3EG 6.32025-09-15
A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /remove_file.php. The manipulation of the argument ID leads to sql injection. Remote explo…
- CVE-2025-10482HIGHCVSS 7.3EG 7.32025-09-15
A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username results in sql injection. The attack can be e…
- CVE-2025-10483MEDIUMCVSS 6.3EG 6.32025-09-15
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/save_user.php. This manipulation of the argument firstname causes sql injectio…
- CVE-2025-10562HIGHCVSS 7.3EG 7.32025-09-16
A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_product. This manipulation of the argument ID causes sql injection. Remote exploitation of the at…
- CVE-2025-10563HIGHCVSS 7.3EG 7.32025-09-16
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_category. Such manipulation of the argument ID leads to sql injection. The attack can be…
- CVE-2025-10564HIGHCVSS 7.3EG 7.32025-09-16
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_category. Performing manipulation of the argument ID results in sql injection. The attack is…
- CVE-2025-10565HIGHCVSS 7.3EG 7.32025-09-16
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_receiving. Executing manipulation of the argument ID can lea…
- CVE-2025-10592MEDIUMCVSS 6.3EG 6.32025-09-17
A security vulnerability has been detected in itsourcecode Online Public Access Catalog OPAC 1.0. This impacts an unknown function of the file mysearch.php of the component POST Parameter Handler. Such manipulation of the argument search_f…
- CVE-2025-10593MEDIUMCVSS 6.3EG 6.32025-09-17
A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/update_student.php. Performing manipulation of the argument stud_id results in sql injection. It i…
- CVE-2025-10594MEDIUMCVSS 6.3EG 6.32025-09-17
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_student.php. Executing manipulation of the argument stud_id can lead to…
- CVE-2025-10595MEDIUMCVSS 6.3EG 6.32025-09-17
A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql inje…
- CVE-2025-10596HIGHCVSS 7.3EG 7.32025-09-17
A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in sql injection. The attack can be launched remotely. The explo…
- CVE-2025-10597HIGHCVSS 7.3EG 7.32025-09-17
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the file /Profilers/PriProfile/COUNT2.php. This manipulation of the argument cname ca…
- CVE-2025-10598HIGHCVSS 7.3EG 7.32025-09-17
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/search_product.php. Such manipulation of the argument group_id leads to sql injection. The…
- CVE-2025-10599HIGHCVSS 7.3EG 7.32025-09-17
A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument user_email results in s…
- CVE-2025-10601HIGHCVSS 7.3EG 7.32025-09-17
A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. Affected is an unknown function of the file /admin/index.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the at…
- CVE-2025-10602MEDIUMCVSS 6.3EG 6.32025-09-17
A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s1.php. Performing manipulation of the argument ID results in sql injection. …
- CVE-2025-10603HIGHCVSS 7.3EG 7.32025-09-17
A vulnerability was determined in PHPGurukul Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_forum/search_result.php. Executing manipulation of the argument Search can lead to sql …
- CVE-2025-10604HIGHCVSS 7.3EG 7.32025-09-17
A vulnerability was identified in PHPGurukul Online Discussion Forum 1.0. This affects an unknown part of the file /admin/edit_member.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. Th…
- CVE-2025-10613MEDIUMCVSS 6.3EG 6.32025-09-17
A vulnerability has been found in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /leveledit1.php. Such manipulation of the argument level_id leads to sql injection. The attack may be pe…
- CVE-2025-10617MEDIUMCVSS 6.3EG 6.32025-09-17
A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack …
- CVE-2025-10618MEDIUMCVSS 6.3EG 6.32025-09-17
A security vulnerability has been detected in itsourcecode Online Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file transact.php. Such manipulation of the argument firstname leads to sql injecti…
- CVE-2025-10620MEDIUMCVSS 6.3EG 6.32025-09-17
A flaw has been found in itsourcecode Online Clinic Management System 1.0. This vulnerability affects unknown code of the file /editp2.php. Executing manipulation of the argument id/firstname/lastname/type/age/address can lead to sql injec…
- CVE-2025-10621HIGHCVSS 7.3EG 7.32025-09-17
A vulnerability was determined in SourceCodester Hotel Reservation System 1.0. The affected element is an unknown function of the file editroomimage.php. This manipulation of the argument ID causes sql injection. It is possible to initiate…
- CVE-2025-10623HIGHCVSS 7.3EG 7.32025-09-17
A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteuser.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch th…
- CVE-2025-10624HIGHCVSS 7.3EG 7.32025-09-17
A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument emailid results in sql injection. The attack can be initiated re…
- CVE-2025-10625MEDIUMCVSS 6.3EG 6.32025-09-17
A vulnerability was detected in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /user/dashboard.php?page=update_profile. The manipulation of the argument phone results …
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →