CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,089 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 34 of 102
- CVE-2025-10626MEDIUMCVSS 6.3EG 6.32025-09-18
A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /admin/update_s3.php. This manipulation of the argument credits causes sql injection. Remote exploita…
- CVE-2025-10627MEDIUMCVSS 6.3EG 6.32025-09-18
A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/delete_user.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remo…
- CVE-2025-10628MEDIUMCVSS 6.3EG 6.32025-09-18
A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. The atta…
- CVE-2025-10629MEDIUMCVSS 6.3EG 6.32025-09-18
A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can l…
- CVE-2025-10634MEDIUMCVSS 6.3EG 6.32025-09-18
A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal…
- CVE-2025-10662MEDIUMCVSS 4.7EG 4.72025-09-18
A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. …
- CVE-2025-10663HIGHCVSS 7.3EG 7.32025-09-18
A vulnerability was found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /my-profile.php. Performing manipulation of the argument cgpa results in sql injection. The attack may be initiated remote…
- CVE-2025-10664HIGHCVSS 7.3EG 7.32025-09-18
A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The…
- CVE-2025-10665MEDIUMCVSS 6.3EG 6.32025-09-18
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql…
- CVE-2025-10667HIGHCVSS 7.3EG 7.32025-09-18
A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_msg.php. This manipulation of the argument ID causes sql injection. The attack is…
- CVE-2025-10668HIGHCVSS 7.3EG 7.32025-09-18
A security vulnerability has been detected in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file /members/compose_msg_admin.php. Such manipulation of the argument ID leads to sql injection. The attack may be…
- CVE-2025-10670HIGHCVSS 7.3EG 7.32025-09-18
A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /check_profile.php. Executing manipulation of the argument profile_id can lead to sql in…
- CVE-2025-10673HIGHCVSS 7.3EG 7.32025-09-18
A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injectio…
- CVE-2025-10687HIGHCVSS 7.3EG 7.32025-09-18
A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/add_teacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the…
- CVE-2025-10688HIGHCVSS 7.3EG 7.32025-09-18
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/operation/paid.php. This manipulation of the argument inv_no/insta_amt causes sql injection. …
- CVE-2025-10689MEDIUMCVSS 6.3EG 6.32025-09-18
A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exp…
- CVE-2025-10712HIGHCVSS 7.3EG 7.32025-09-19
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of the argument Username results in sql injection. It is p…
- CVE-2025-10762MEDIUMCVSS 6.3EG 6.32025-09-21
A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sq…
- CVE-2025-10780MEDIUMCVSS 6.3EG 6.32025-09-22
A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument bar_code causes sql injection. Remote exploitation of the attack is possi…
- CVE-2025-10781HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument class_name leads to sql injection. The attack can be e…
- CVE-2025-10782HIGHCVSS 7.3EG 7.32025-09-22
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of the argument class_name results in sql injection. The attack i…
- CVE-2025-10783HIGHCVSS 7.3EG 7.32025-09-22
A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_subject.php. Executing manipulation of the argument subject_code can lead …
- CVE-2025-10784HIGHCVSS 7.3EG 7.32025-09-22
A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_subject.php. The manipulation of the argument subject_code leads to…
- CVE-2025-10785HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manage_user.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack …
- CVE-2025-10786HIGHCVSS 7.3EG 7.32025-09-22
A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_user. This manipulation of the argument ID causes sql injection. The attack can be initi…
- CVE-2025-10788HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was determined in SourceCodester Online Hotel Reservation System 1.0. The affected element is an unknown function of the file deleteroominventory.php. Executing manipulation of the argument ID can lead to sql injection. The…
- CVE-2025-10789HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteslide.php. The manipulation of the argument ID leads to sql injection. Remote exploitation …
- CVE-2025-10790MEDIUMCVSS 6.3EG 6.32025-09-22
A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=save_category. The manipulation of the argument Description results in sql injection. T…
- CVE-2025-10791HIGHCVSS 7.3EG 7.32025-09-22
A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. This manipulation of the argument aduser causes sql injection. The attack is possible to be c…
- CVE-2025-10793HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/admin_account_delete.php. Performing manipulation of the argument user_id results in sql in…
- CVE-2025-10795HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remot…
- CVE-2025-10796HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /justines/admin/login.php. The manipulation of the argument email results in sql injection. The attack can be laun…
- CVE-2025-10797HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was determined in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /justines/index.php. This manipulation of the argument log_email causes sql injection. The attack may be i…
- CVE-2025-10798HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was identified in code-projects Hostel Management System 1.0. Impacted is an unknown function of the file /justines/admin/mod_roomtype/index.php?view=view. Such manipulation of the argument ID leads to sql injection. The at…
- CVE-2025-10799HIGHCVSS 7.3EG 7.32025-09-22
A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of the file /justines/admin/mod_reservation/index.php?view=view. Performing manipulation of the argument ID resu…
- CVE-2025-10800HIGHCVSS 7.3EG 7.32025-09-22
A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can…
- CVE-2025-10801HIGHCVSS 7.3EG 7.32025-09-22
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/edit_tax.php. The manipulation of the argument ID leads to sql injection. The attack is …
- CVE-2025-10802HIGHCVSS 7.3EG 7.32025-09-22
A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remot…
- CVE-2025-10804MEDIUMCVSS 6.3EG 6.32025-09-22
A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Performing manipulation of the argument mobilenum results in sql i…
- CVE-2025-10805MEDIUMCVSS 6.3EG 6.32025-09-22
A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file /admin/add-services.php. Executing manipulation of the argument sername can lead to sql injection. The attack …
- CVE-2025-10806MEDIUMCVSS 6.3EG 6.32025-09-22
A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql i…
- CVE-2025-10807MEDIUMCVSS 6.3EG 6.32025-09-22
A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid results in sql i…
- CVE-2025-10808HIGHCVSS 7.3EG 7.32025-09-22
A weakness has been identified in Campcodes Farm Management System 1.0. Impacted is an unknown function of the file /uploadProduct.php. This manipulation of the argument Type causes sql injection. Remote exploitation of the attack is possi…
- CVE-2025-10809HIGHCVSS 7.3EG 7.32025-09-22
A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. The affected element is an unknown function of the file /admin/department.php. Such manipulation of the argument d leads to sql injection. The a…
- CVE-2025-10810HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Performing manipulation of the argument firstname results in sql injection. The …
- CVE-2025-10811HIGHCVSS 7.3EG 7.32025-09-22
A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The at…
- CVE-2025-10812HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability has been found in code-projects Hostel Management System 1.0. This impacts an unknown function of the file /justines/admin/mod_amenities/index.php?view=view. The manipulation of the argument ID leads to sql injection. It is…
- CVE-2025-10813HIGHCVSS 7.3EG 7.32025-09-22
A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/mod_reports/index.php. The manipulation of the argument Home results in sql injection. It is possible to l…
- CVE-2025-10814MEDIUMCVSS 6.3EG 6.32025-09-22
A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack c…
- CVE-2025-10817HIGHCVSS 7.3EG 7.32025-09-22
A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The a…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →